An attacker used a supply-chain attack to steal $3 million in cryptocurrency from the SushiSwap MISO cryptocurrency platform by planting malicious code in Sushi’s private GitHub repository.

  • The attacker, according to analysts, was an unidentified contractor working on Sushi’s code repository.
  • One malicious code commit to Sushi’s private GitHub repository (miso-studio) resulted in the theft of 864.8 Ethereum tokens (worth $3 million).
  • A vehicle manufacturer was transferring the stolen funds through MISO’s auction portal.
  • Surprisingly, just a few hours after the hack, the attacker’s $3 million wallet balance began to decline. SushiSwap’s cryptocurrency reserve was replenished in increments of 65 ETH, 100 ETH, and 700 ETH.
  • It was disclosed that the attacker returned the funds to the firm in a single day. However, experts cautioned that this may not always be the case.

Following the event, the victim company tightened its supply chain security.

Also read,

  • According to Sonatype’s study, software supply chain attacks and cryptocurrency thefts targeting cryptocurrency exchanges are becoming more common. The exploitation of vulnerabilities in these platforms has resulted in a major surge in supply-chain attacks.
  • Recently, an attack on pNetwork (a cross-chain decentralised finance protocol) resulted in the loss of 277 pBTC. At current pricing, the stolen cryptocurrency is worth more than $12 million.
  • Approximately $611 million in cryptocurrencies was stolen last month from Poly Network, a decentralised cross-chain protocol and network.

Supply chain attacks on cryptocurrency exchanges are becoming increasingly common. The SushiSwap issue demonstrates how a minor fault in the pull request or code review process can have serious effects. To avoid DevSecOps incidents, organizations must exercise extreme vigilance.