miso-sushiswap
SushiSwap MISO launchpad commit redirected auction proceeds
On 2021-09-17 a contractor with merge access to the SushiSwap MISO (Minimal Initial Sushi Offering) launchpad GitHub repository pushed a single-line code change that swapped the auction's payout address with their own. Approximately 864.8 ETH (~$3 million at the time) raised through the Jay Pegs Auto Mart NFT auction was diverted to the attacker before SushiSwap engineers detected and reverted the commit. Because the attacker's wallet address was a known contractor wallet, SushiSwap was able to identify them and the funds were returned within hours.
- Date
- 2021-09-17
- Category
- Open Source
- Target Surface
- Revision control
- Insertion Phase
- source
- Impact
- Cryptocurrency theft
- Cause
- Insider threat
What Was Affected
Package
miso-sushiswap
Languagesolidity
ComponentApplication
Artifact typesource archive
Domain typecode host
Domain
github.com
Repository
github.com/sushiswap/miso
Incident Context
- Motive
- Cryptocurrency theft
- Attribution
- Insider
- Transitive
- No
- User Impact
- 1
- Observed Duration
- 0 days
External References
Source Data
Source record: oss/miso-sushiswap/meta.yaml