An attacker used a supply-chain attack to steal $3 million in cryptocurrency from the SushiSwap MISO cryptocurrency platform by planting malicious code in Sushi’s private GitHub repository.
- The attacker, according to analysts, was an unidentified contractor working on Sushi’s code repository.
- One malicious code commit to Sushi’s private GitHub repository (miso-studio) resulted in the theft of 864.8 Ethereum tokens (worth $3 million).
- A vehicle manufacturer was transferring the stolen funds through MISO’s auction portal.
- Surprisingly, just a few hours after the hack, the attacker’s $3 million wallet balance began to decline. SushiSwap’s cryptocurrency reserve was replenished in increments of 65 ETH, 100 ETH, and 700 ETH.
- It was disclosed that the attacker returned the funds to the firm in a single day. However, experts cautioned that this may not always be the case.
Following the event, the victim company tightened its supply chain security.
- According to Sonatype’s study, software supply-chain attacks or cryptocurrency thefts against cryptocurrency exchanges are becoming more common. The exploitation of vulnerabilities in these platforms has resulted in a major surge in supply-chain attacks.
- Recently, an attack on pNetwork (a cross-chain decentralised finance protocol) resulted in the loss of 277 pBTC. At current pricing, the stolen cryptocurrency is worth more than $12 million.
- Approximately $611 million in cryptocurrencies was stolen last month from Poly Network, a decentralised cross-chain protocol and network.
Supply chain attacks on cryptocurrency exchanges are becoming increasingly common. The SushiSwap incident demonstrates how a minor flaw in the pull request or code review process can have serious effects. To avoid DevSecOps incidents, organizations must exercise extreme vigilance.