SAO PAULO – The MISO platform, which raises funds and offers semi-ready smart contracts to launch projects on the decentralized exchange (DEX) SushiSwap (SUSHI), was the target of a hacker attack in the early hours of Friday (17) and the main suspect is a from its own developers.

By building the solution’s user interface, he would have prepared the ground to facilitate the offensive carried out in the last hours and which would have resulted in the theft of almost US$3 million (R$15.8 million) in cryptocurrencies.

the episode of supply chain attack (supply chain attack), which occurs when someone in the supply chain is responsible for the breach, has directly impacted the SUSHI cryptocurrency, which powers SushiSwap. The token currently drops about 17% in the last 24 hours and was trading at US$ 13.04 at the close of the story, approximately 45% below the historical high of US$ 23.38 registered on May 13 of this year.

Decentralized finance (DeFi) projects like MISO are considered too risky precisely because of the high probability of attacks and coups. Hackers often exploit loopholes in the rules of smart contracts, triggering triggers not anticipated by developers with the main objective of diverting funds deposited by users who intended, for example, to receive interest on their cryptocurrencies. In today’s case, however, the trigger was secretly injected by whoever helped create the system.

The hacker, identified as a contract developer who has a history of collaborating with other known projects, managed to steal 864.8 Ether (ETH), which this morning is equivalent to $2.97 million.

According to members of SushiSwap’s team of developers, the hacker would have altered a protocol wallet designed to receive cryptocurrencies from investors and replaced it with his own address. Thus, users who thought they were buying tokens on the platform were actually handing the amounts into the attacker’s hands.

Now, the team is working to trigger cryptocurrencies to try to block the hacker’s accounts and prevent the cryptocurrencies from being exchanged or withdrawn.

Blocking is possible due to the open nature of cryptocurrencies, whose transaction information is openly available on the blockchain – in practice, it is enough to know which addresses to look for to have access to a complete transaction history and follow the path of values ​​until they reach one grant to be exchanged for fiat money.

It’s the second time in a month that the MISO platform has a serious security bug. On August 17, a hacker white hat (“hacker do bem”), an expert at the firm Paradigm, discovered a loophole in a smart contract that could result in a loss of $350 million (R$1.85 billion) if released without correction. The solution was found and fixed shortly before going live.

The most recent case is responsible for a 12% drop in the total amount of amounts deposited in SushiSwap contracts, according to data from the DeFi Pulse portal. Still, the protocol remains the third largest among decentralized exchange projects. With US$ 4.15 billion (R$ 22.05 billion) in deposits, it is second only to Uniswap, with US$ 6.61 billion (R$ 35.1 billion), and Curve Finance, with US$ 12. 61 billion (R$ 67 billion).

