The developers of the SushiSwap decentralized exchange reported that 864 ETH was stolen from the MISO token-sale platform in a hacker attack.
According to a Twitter post by SushiSwap CTO Joseph Delong, the hacker exploited a vulnerability in the MISO platform during an auction for the sale of non-fungible tokens (NFTs) and withdrew 864.8 ETH worth about $3 million.
Delong stated that an anonymous contractor using the AristoK3 alias on GitHub injected malicious code into the MISO frontend. He added a link to the Ethereum address to which 864.8 ETH was transferred on the afternoon of September 16. Etherscan has flagged the address as “linked to a hack.”
In attacks of this kind, the attacker replaces the address of the contract with one under the attacker's control. According to the US National Center for Counterintelligence and Security, this type of attack is a concern for open source software libraries.
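A defensive check for the address substitution described above, as an added example that is not SushiSwap's code: it scans frontend source for Ethereum addresses and reports any that are not on a reviewed allowlist. The file path, addresses, transaction hash and allowlist are constructed placeholders.

```javascript
// Added example (not project code): flag Ethereum addresses in frontend
// source that are missing from a reviewed allowlist. All values are constructed.
const AUCTION = '0x' + '11'.repeat(20); // placeholder auction contract
const WALLET = '0x' + 'ab'.repeat(20);  // placeholder auction wallet
const ROGUE = '0x' + '99'.repeat(20);   // placeholder substituted address
const TX = '0x' + 'cd'.repeat(32);      // placeholder 32-byte tx hash

// 20-byte address literal; the lookahead skips longer hex values such as tx hashes.
const ADDRESS_RE = /0x[0-9a-fA-F]{40}(?![0-9a-fA-F])/g;

// Addresses approved in code review, with a note on what each one is.
const ALLOWLIST = new Map([
  [AUCTION, 'auction contract'],
  [WALLET, 'auction wallet'],
]);

// files: { path: sourceText }. Returns one finding per unapproved address.
function findUnapprovedAddresses(files, allowlist) {
  const approved = new Set([...allowlist.keys()].map((a) => a.toLowerCase()));
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split('\n').forEach((line, i) => {
      for (const m of line.matchAll(ADDRESS_RE)) {
        const address = m[0].toLowerCase(); // compare case-insensitively
        if (!approved.has(address)) findings.push({ path, line: i + 1, address });
      }
    });
  }
  return findings;
}

// Constructed frontend config as reviewed (wallet written in mixed case).
const reviewed = {
  'src/config/auction.js': [
    `export const AUCTION = '${AUCTION}';`,
    `export const WALLET = '0x${'AB'.repeat(20)}';`,
    `// deploy tx ${TX}`,
  ].join('\n'),
};
// The same file after the wallet address has been swapped.
const tampered = {
  'src/config/auction.js': reviewed['src/config/auction.js'].replace(/0x(AB){20}/, ROGUE),
};

for (const f of findUnapprovedAddresses(tampered, ALLOWLIST)) {
  console.log(`${f.path}:${f.line} unapproved address ${f.address}`);
}
```

Run as a CI gate over the built bundle as well as the source tree, so that an address introduced by a dependency or a build step is also caught.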
Only one contract was used to sell the JayPegsAutoMart NFTs, Delong said. The attacker, who worked with the Yearn.finance DeFi protocol, replaced the auction wallet address with his own. The developers of SushiSwap believe that the hack was carried out by eratos1122, a developer of blockchain and mobile games who owns the corresponding Twitter account.
SushiSwap approached the FTX and Binance exchanges with a request for the information about the hacker that they hold as part of the KYC procedure. Delong stated that if the attacker does not return the money today, the exchange will file a complaint with the FBI.
As a reminder, vulnerabilities have previously been identified on the MISO platform. In August, SushiSwap escaped a $365 million hack thanks to a “white hat” hacker.