SushiSwap Hacked for $3M but Funds Returned Almost Immediately

September 21, 2021, 11:30 AM AEST - 3 weeks ago

A mystery rogue developer who allegedly drained 864.8 ETH (US$3 million) from a MISO auction has returned the funds to the original token contract.

SushiSwap’s token launch platform suffered a supply chain attack last week that targeted its ‘Jay Pegs Auto Mart’ auction contract.

The exploit was first identified on September 17 by Sushi’s CTO Joseph Delong, who tweeted a link to the transaction that drained the funds from the protocol.

According to Delong, an anonymous contractor injected malicious code into the MISO front end, replacing the original contract for the Jay Pegs Auto Mart token auction – a parody NFT project imitating the value of a 2007 Kia – with a personal Ethereum address. A total of 864.8 ETH was transferred to the address, but no other auctions were affected.

Threat of Legal Action Prompts Return of Funds

In a string of since-deleted tweets, Delong said that Sushi had “reason to believe” the attacker was eratos1122, a pseudonymous developer who worked with Sushi and other DeFi projects. Delong put up a trail of transactions linked to the hacker’s original address and an ultimatum was also posted threatening the hacker with legal action if the funds weren’t reinstated.

A couple of hours later, the hacker returned 865 ETH to the original MISO contract. Data from Etherscan showed that the hacker’s address was almost completely empty, with Delong himself confirming the news on Twitter.

Accused Developer Threatens Retaliation

It’s still not clear who the attacker was and Delong’s original tweets accusing the former MISO developer have been deleted. The accused person threatened to release some of the MISO code he was working on in the absence of an apology from Sushi and Delong.

While many saw this as a clear sign of the developer’s involvement in the incident, neither Sushi nor any of its founders have commented further on the issue.

Some among the crypto community have slated Sushi and Delong for their handling of the situation. With the protocol mostly built by anonymous developers, making accusations without a proper investigation has negatively affected Sushi’s reputation.

Just last month, a collective effort from the crypto community saved SushiSwap’s token fundraising platform from a potential US$350 million heist.

Almost simultaneous with the MISO exploit, SUSHI gained 23 percent in 24 hours following a growth spurt for decentralised exchange tokens (DEX).

Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.