{"id":49629,"date":"2021-09-17T10:23:29","date_gmt":"2021-09-17T07:23:29","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=49629"},"modified":"2025-09-02T13:36:41","modified_gmt":"2025-09-02T10:36:41","slug":"hacker-stole-more-than-3-million-from-sushiswaps-miso-platform","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-stole-more-than-3-million-from-sushiswaps-miso-platform\/","title":{"rendered":"Hacker stole more than $3 million from SushiSwap&#8217;s MISO platform"},"content":{"rendered":"<p>The attacker siphoned 864.8 ETH (about $3.09 million) from an NFT auction on SushiSwap&#8217;s MISO protocol <span data-descr=\"Initial DEX Offering, primary coin offering on a decentralized exchange\" class=\"old_tooltip\">IDO<\/span>-platform.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">September 17, 2021 | 17:03<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>The hacker returned all stolen funds, transferring them in three transactions to the SushiSwap address.<\/p>\n<\/div>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"104\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-1-1024x104.jpg\" alt=\"Hacker stole more than $3 million from SushiSwap's MISO platform\" class=\"wp-image-149742\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-1-1024x104.jpg 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-1-300x31.jpg 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-1-768x78.jpg 768w, 
https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-1.jpg 1355w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Data: <a href=\"https:\/\/etherscan.io\/address\/0x3ddd8b6d092df917473680d6c41f80f708c45395\">Etherscan<\/a>.<\/figcaption><\/figure>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">The Miso front end has become the victim of a supply chain attack. An anonymous contractor by with the GH handle AristoK3 injected malicious code into the Miso front end. We have reason to believe this is <a href=\"https:\/\/twitter.com\/eratos1122?ref_src=twsrc%5Etfw\">@eratos1122<\/a>.<\/p>\n<p>864.8 ETH was stolen, address below<a href=\"https:\/\/t.co\/cDZeBqFV4P\">https:\/\/t.co\/cDZeBqFV4P<\/a><\/p>\n<p>\u2014 Joseph \ud83e\udd1d Delong \ud83d\udd31 (@josephdelong) <a href=\"https:\/\/twitter.com\/josephdelong\/status\/1438712356352274433?ref_src=twsrc%5Etfw\">September 17, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>SushiSwap CTO Joseph Delong said that an anonymous contractor using the GitHub handle AristoK3 injected malicious code into the MISO front end and spoofed the auction address.<\/p>\n<p>Around 19:00 (MSK), the funds were sent to the attacker-controlled <a href=\"https:\/\/etherscan.io\/address\/0x3ddd8b6d092df917473680d6c41f80f708c45395#internaltx\">wallet<\/a>, which Etherscan now marks as linked to the MISO exploit.<\/p>\n<p>According to Delong, the team believes the attacker is known on Twitter under the alias 0x A.K. 
The user describes himself as a blockchain and web developer.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">September 17, 2021 | 18:47<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>The assumption proved incorrect; the SushiSwap CTO apologised to the developer who, by his account, did most of the work for MISO.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">I\u2019ll say sorry. I\u2019ll even say you\u2019re pretty now that the funds have been returned <a href=\"https:\/\/t.co\/aE4XyQfEcz\">https:\/\/t.co\/aE4XyQfEcz<\/a><\/p>\n<p>\u2014 Joseph \ud83e\udd1d Delong \ud83d\udd31 (@josephdelong) <a href=\"https:\/\/twitter.com\/josephdelong\/status\/1438872147359830022?ref_src=twsrc%5Etfw\">September 17, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<p>Delong warned that the contractor also did work for the DeFi project yearn.Finance.<\/p>\n<p>Experts from MISO asked exchanges FTX and Binance for information about the hacker\u2019s identity, but received no cooperation, Delong said. 
If funds are not returned by 15:00 (MSK) on September 17, they will turn to the <span data-descr=\"Federal Bureau of Investigation (FBI)\" class=\"old_tooltip\">FBI<\/span>.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">September 17, 2021 | 17:03<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>After the deadline, the attacker transferred 100 ETH to the Sushi multisig wallet.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cI hope he will send the rest,\u201d wrote Delong.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">100 ETH has been returned to the Sushi multisig. Hoping the attacker sends the rest<a href=\"https:\/\/t.co\/PpvYCaIUeq\">https:\/\/t.co\/PpvYCaIUeq<\/a> <a href=\"https:\/\/t.co\/Xz7uQiHRW9\">https:\/\/t.co\/Xz7uQiHRW9<\/a><\/p>\n<p>\u2014 Joseph \ud83e\udd1d Delong \ud83d\udd31 (@josephdelong) <a href=\"https:\/\/twitter.com\/josephdelong\/status\/1438839165873967107?ref_src=twsrc%5Etfw\">September 17, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">September 17, 2021 | 17:03<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>Approximately an hour after the first transaction, the hacker returned <a href=\"https:\/\/etherscan.io\/tx\/0x904e5bcb5ef9cfb19f19afd04849f3b12d17dc347d3e525072fcd139cc08cbdb\">another 700 ETH<\/a>.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"143\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-1024x143.jpg\" alt=\"Hacker stole more than $3 million from 
SushiSwap's MISO platform\" class=\"wp-image-149733\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-1024x143.jpg 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-300x42.jpg 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome-768x107.jpg 768w, https:\/\/u1f987.com\/wp-content\/uploads\/Address-0x3ddd8b6d092df917473680d6c41f80f708c45395-Etherscan-Google-Chrome.jpg 1329w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Data: Etherscan.<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<p>Delong clarified that only the Jay Pegs Auto Mart auction was affected. The team has assured users they will still receive the purchased NFTs from the 2007 Kia Sedona series, despite the theft of funds. The release is scheduled for September 21.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Hey folks. Everyone will still receive their 2007 Kia Sedona NFTs, and the exchange is still scheduled to begin on 9\/21\/2021. 
<a href=\"https:\/\/t.co\/oYgqyHY8Jp\">https:\/\/t.co\/oYgqyHY8Jp<\/a><\/p>\n<p>\u2014 Jay Pegs Auto Mart (@jaypegsautomart) <a href=\"https:\/\/twitter.com\/jaypegsautomart\/status\/1438715095861891076?ref_src=twsrc%5Etfw\">September 17, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier, a white-hat hacker helped fix a vulnerability in MISO that <a href=\"https:\/\/u1f987.com\/en\/news\/white-hat-hacker-foils-350m-theft-in-sushiswap-defi-project\">could have led to the loss of 109,000 ETH<\/a> (~$350 million at the time).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The attacker siphoned 864.8 ETH (about $3.09 million) from an NFT auction on SushiSwap&#8217;s MISO protocol IDO platform.<\/p>\n","protected":false},"author":1,"featured_media":49630,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1379],"class_list":["post-49629","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-sushiswap"],"aioseo_notices":[],"amp_enabled":true,"views":"27","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/49629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=49629"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/4
9629\/revisions"}],"predecessor-version":[{"id":49631,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/49629\/revisions\/49631"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/49630"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=49629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=49629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=49629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}