Decentralized finance protocol SushiSwap has suffered an exploit on its token platform (MISO). The attacker made away with 864.8 ETH, currently worth $3 million.
The incident was first revealed to the public by the Chief Technology Officer of SushiSwap Joseph Delong, who tweeted:
MISO is a suite of open-source smart contracts built to simplify the process of launching a new project on the SushiSwap exchange. According to Delong, the attacker whose GitHub handle is AristoK3 changed the contract address to one of his own and injected the platform’s front end with malicious code.
The CTO added that only one contract address for an NFT auction was exploited, an automobile-themed Jay Pegs Auto Mart, and it has already been patched.
Interestingly, this isn’t the first time MISO has been exploited. A white-hat hacker and security researcher with venture capital firm Paradigm save SushiSwap from a potential $350 million exploit on the MISO Dutch auction contract a month ago.
There are speculations that Twitter user @eratos1122, who previously worked with Yearn.Finance could be behind the hack.
The CTO is finding it difficult to get exchanges like Binance and FTX to cooperate. He noted, “we have asked @FTX_Official and @Binance to turn over the attacker’s KYC information, but they have resisted on this time-sensitive matter.”
The exec also issued a warning, threatening that if the stolen funds are not returned by 8 am Eastern Time on Friday, the firm will file a complaint with the FBI.