Benjamin Godfrey is a blockchain enthusiast and journalists who relish writing about the real life applications of blockchain technology and innovations to drive general acceptance and worldwide integration of the emerging technology. His desires to educate people about cryptocurrencies inspires his contributions to renowned blockchain based media and sites. Benjamin Godfrey is a lover of sports and agriculture.
The attacker whom Delong suspected to be a Twitter user with the handle @eratos1122 notably carted away with the entire sum generated from the token sale.
The SushiSwap-backed Miso launchpad has come off the latest decentralized protocol to suffer a major hit, this time, it involves a novel Non-Fungible Token (NFT) project, Jay Pegs Auto Mart. As reported by The Block, as much as $3.1 million was realized from the sale of DONA tokens, an ERC-20 token whose value is pegged 1 to 1 with rare 2007 Kia Sedona NFTs.
The DONA tokens are issued by Jay Pegs and it seeks to reinstate the design capabilities of the Kia Sedona auto brand. Per the terms of the token sale, holders of the DONA tokens will be able to exchange them for randomly generated NFTs of the Kia brand. The success of the sale and the goodwill it earned were short-lived as “an anonymous contractor with the GH handle AristoK3 injected malicious code into the Miso front end,” as confirmed by SushiSwap CTO Joseph Delong.
The attacker whom Delong suspected to be a Twitter user with the handle @eratos1122 notably carted away with the entire sum generated from the token sale. The value of the stolen fund was pegged at 864.8 ETH.
The Miso front end has become the victim of a supply chain attack. An anonymous contractor by with the GH handle AristoK3 injected malicious code into the Miso front end. We have reason to believe this is @eratos1122.
864.8 ETH was stolen, address belowhttps://t.co/cDZeBqFV4P
— Joseph 🤝 Delong 🔱 (@josephdelong) September 17, 2021
According to Delong’s submissions, the attacker gained access to the funds by “inserting their own wallet address to replace the auction wallets at the auction creation,” a move that redirected all the funds to the wallet address controlled by the attacker.
Delong said big exchanges including FTX Derivatives Exchange and Binance have been contacted to hand over the Know Your Customer (KYC) details of the attacker, however, both have delayed in their responses to the time-sensitive matter. The launchpad according to the CTO will be reporting the case to the US Federal Bureau of Investigation (FBI) if the funds are not returned in the next couple of hours.
SushiSwap Miso Launchpad Attack: One of Many DeFi Protocol Cyber-Attacks
The SushiSwap Miso Launchpad attack represents just one in a growing list of attacks that have been suffered by decentralized finance (DeFi) protocols in recent times. One of the biggest attacks to date was that of the Poly Network, an interoperable DeFi protocol that was exploited for over $600 million back in August.
Attacks like these have put forth concerns about the security of DeFi protocols in general. Beyond Miso and Poly Network, Cream Finance was also amongst the latest victims, and Miso is banking on the refund of the stolen funds, just the way the Poly Network hacker returned all of the stolen funds.
The Jay Pegs Auto Mart platform appears not to be deterred by the stolen funds in its roadmap as the outfit has confirmed it would still be distributing the Kia Sedona pegged NFT to participants in the DONA token sale. This is irrespective of whether the stolen funds are recovered or not.