Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The DONA token auction of the Jay Pegs Auto Mart project on the SushiSwap Launchpad platform MISO was attacked. The attacker inserted malicious code into the MISO front end and changed the auction wallet address to his own wallet address. The loss has now reached 865 ETH (approximately 3.07 million). Dollar). Joseph Delong, CTO of SushiSwap, said on Twitter that the vulnerability has been fixed and that FTX and Binance have been asked to provide the attacker's KYC information, but both exchanges refused to cooperate. In addition, Joseph Delong also stated that he has reported the case to the FBI through his lawyer and reminded the project party to check whether there are similar front-end vulnerabilities. According to the Ethereum block explorer Etherscan, the attacker returned all ETH to SushiSwap. The operation was divided into two transactions, the first return 100 ETH, the second return 700 ETH, and the third return 65 ETH. Attack method (per SlowMist): Malicious Code Injection Attack. Reported loss: -.
- chain
- ethereum
- protocol
- MISO
- bug_class
- unknown
- date_occurred
- 2021-09-17
- loss_usd
- —
- source_id
- sm:miso::2021-09-17