SushiSwap Chief Technology Officer Joseph Delong said in a Twitter thread Friday (Sept. 17) that the community-based decentralized finance (DeFi) company’s Minimal Initial SushiSwap Offering (MISO) platform fell victim to a software supply chain attack, according to an Ars Technica report.
Users can swap, earn, lend, borrow and sell cryptocurrency assets in one place using SushiSwap. The MISO token launchpad was unveiled this year as a place for projects to launch tokens on SushiSwap’s network.
DeFi tokens can function on existing blockchains rather than relying on a native blockchain like crypto coins. Delong announced in a lengthy Twitter thread that an anonymous contractor with the GitHub handle AristoK3 hijacked the auction on the MISO launchpad through its supply chain.
The alleged hacker gained access to the project’s code repository and pushed a malicious code commit that was distributed on the platform’s front end, the Ars Technica report says.
“The attacker inserted their own wallet address to replace the auctionWallet at the auction creation,” said Delong in his Twitter thread. The hacker transferred 864.8 Ethereum coins — around $3 million — into their wallet, according to the Ars report.
All affected auctions have been patched since the hack, Delong said in the Ars report.
Meanwhile, the U.S. Treasury Department is planning sanctions and new guidance to stop ransomware hackers from profiting from attacks, according to a report in The Wall Street Journal Friday (Sept. 17).
New mandates against money laundering and terror financing, focused on scaling back the use of digital currency in ransomware and other illegal practices, are also expected by the end of this year.
The Biden administration considers the ongoing increase in cyberattacks a threat to national security, with financial and health institutions joined by a major fuel pipeline and a national meat producer as ransomware victims in 2021. Many of the hackers carrying out ransomware attacks are based in Russia.