The Right Place to Buy, Earn, Exchange and Borrow against Your Crypto.

Get Started
Hacker returns 865 ETH stolen from Sushi’s token launch platform MISO Hacker returns 865 ETH stolen from Sushi’s token launch platform MISO

Hacker returns 865 ETH stolen from Sushi’s token launch platform MISO

The rogue developer that drained 864.8 ETH from a MISO auction returned the funds to the original token contract after being exposed by Sushi's founders.

Hacker returns 865 ETH stolen from Sushi’s token launch platform MISO

Cover art/illustration via CryptoSlate

SushiSwap‘s token launch platform MISO suffered a supply chain attack yesterday that drained 864.8 ETH from the ‘Jay Pegs Auto Mart’ token auction contract.

The exploit was first identified by Sushi’s CTO Joseph Delong on September 17th, who tweeted out a link to the transaction that drained the funds from the protocol.

A stressful day for Sushi and MISO ends well for token holders

According to Delong, an anonymous contractor managed to inject malicious code into the MISO front end, replacing the original contract for the Jay pegs Auto Mart token auction with a personal Ethereum address. A total of 864.8 ETH has been transferred to the address, but no other auctions have been affected by the exploit.

In a series of since-deleted tweets, Delong said that Sushi had “reasons to believe” the attacker was eratos1122, a pseudonymous developer who worked with Sushi and other DeFi projects such as Yearn.Finance. He shared a document showing a trail of transactions linked to the hacker’s original address, some of which have been funded by Binance and FTX.

An ultimatum was posted alongside the document threatening the hacker with legal action if the funds weren’t promptly returned.

Just a couple of hours later, the hacker returned 865 ETH to the original MISO contract. Data from Etherscan showed that the hacker’s address was almost completely empty, with Delong himself confirming the news on Twitter.

In the hours since the funds have been returned, it still hasn’t become clear who the attacker was. Delong’s original tweets where he accused the former MISO developer have been deleted. The person he accused of theft threatened to release some of the MISO code he was working on if he didn’t receive an apology from Sushi and Delong. And while many saw this as a clear sign of his involvement with the incident, neither Sushi nor any of its founders have issued further comments on the issue.

Many members of the crypto community criticized Sushi and Delong for their handling of the situation. With the protocol mostly built by anonymous developers, pointing fingers and doxxing without a proper investigation has put a dent into Sushi’s reputation.

Posted In: Hacks, NFTs

Connect your wallet, trade with Orion Swap Widget.

Directly from this Widget: the top CEXs + DEXs aggregated through Orion. No account, global access.