The attacker withdrew 864.8 ETH (~ $ 3.09 million) from the non-fungible token (NFT) auction on GONE-SushiSwap MISO protocol platform.
The Miso front end has become the victim of a supply chain attack. An anonymous contractor by with the GH handle AristoK3 injected malicious code into the Miso front end. We have reason to believe this is @eratos1122.
864.8 ETH was stolen, address belowhttps://t.co/cDZeBqFV4P
— Joseph 🤝 Delong 🔱 (@josephdelong) September 17, 2021
SushiSwap CTO Joseph DeLonge reported that an anonymous contractor using the AristoK3 nickname on GitHub injected malicious code into the MISO frontend and changed the auction address.
At around 7:00 p.m. ET, funds went to an attacker-controlled wallet, which has now been tagged by Etherscan as linked to the MISO exploit.
According to DeLonge, the platform team has reason to believe that on Twitter, the attacker is known under the pseudonym 0x AK.The user describes himself as a blockchain and web developer.
DeLonge warned that the contractor was also doing work for yearn.Finance’s DeFi project.
MISO specialists asked the FTX and Binance exchanges for information about the identity of the attacker, but did not meet with understanding, DeLong said. In case of non-refund of funds before 15:00 (Moscow time) on September 17, they will contact FBI.
He clarified that only the auction of the Jay Pegs Auto Mart project was affected. The team has already assured users that they will receive their purchased 2007 Kia Sedona NFT series despite the theft of funds. The release is scheduled for September 21st.
Hey folks. Everyone will still receive their 2007 Kia Sedona NFTs, and the exchange is still scheduled to begin on 9/21/2021. https://t.co/oYgqyHY8Jp
— Jay Pegs Auto Mart (@jaypegsautomart) September 17, 2021
Earlier, a white hacker helped fix a vulnerability in MISO that could lead to the loss of 109,000 ETH (~ $ 350 million at the time).
Stay in touch! Subscribe to World Stock Market in Telegram.