As DeFi exploits continue to increase, MISO, the token platform of the Ethereum-based decentralized exchange Sushiswap, is the victim of the latest exploit, in which 864.8 ETH was stolen. The stolen ETH is valued at $3 million, the protocol's Chief Technology Officer, Joseph Delong, revealed while reporting the incident. As of press time, the hacker is reported to have been identified.
In his tweet report, CTO Delong declared that the hacker had incorporated malicious code into the token platform’s front-end, thereby gaining access to the stolen ETH. Speculating on the identity of the hacker, Delong noted in his tweet that the hacker is likely to be using the GitHub handle Aristo K3 and a Twitter account with the name @eratos1122.
Due to the relevance of the MISO platform, industry experts have alleged that the exploit could have a domino effect, most likely a negative one. The MISO platform consists of a series of smart contracts that simplify the process of setting up new projects on the Ethereum-based DEX Sushiswap.
Hacker Attacks MISO’s Front-end with Malicious Code
CTO Delong further claimed that the hacker, who has somewhat been identified, tweaked the contract address for an NFT sale belonging to @JayPegsAutoMart, replacing it with a personal address, before going ahead to write the malicious code on the platform’s front-end. While Delong admitted that only the smart contract for the NFT auction was affected by the exploit, he revealed that it has been recovered.
This is the second time Sushiswap has been exploited, and the umpteenth exploit in the history of DeFi protocols. The first was a hacking attempt by a white hat hacker, who saved the protocol from losing $350 million after he discovered an error that black hat hackers would probably have taken advantage of. The hacker found the bug in one of the auction contracts on MISO and drew it to the attention of the development team, who were able to fix the error. The second attempt is the latest, which was also successful.
Binance and FTX Refuse to Provide KYC Information of Hacker
Meanwhile, CTO Delong asserted that attempts to secure the cooperation of leading crypto exchanges Binance and FTX in stopping the hacker from liquidating the stolen Ether were unsuccessful. According to him, they have refused to provide the KYC information of the hacker. He concluded with a warning that if the hacker failed to return the stolen funds within a given ultimatum, the matter would be reported to the FBI.
It is unlikely that the hacker will refund the stolen ETH in the manner of the black hat turned white hat hacker in the Poly Network incident, which followed a $600 million exploit. In the August incident, Poly Network had rewarded the hacker with a job and a bug bounty of $500k, though the hacker had claimed it was not his intention to steal the funds.