ST Alpha - "DeFi platform SushiSwap hit with "supply chain attack". Really, it boiled down to someone with commit access to their code injecting their own wallet" (Reading a Post)

SlickerTalk
Search Archives
The Leaderboard
The FAQ

Down to Post

Backboards:

Posts: 152

DeFi platform SushiSwap hit with "supply chain attack". Really, it boiled down to someone with commit access to their code injecting their own wallet

Posted by oblique (aka kkuphal) Sep 17 '21, 10:34

address into the source code. I wouldn't call this a supply chain attack but rather non-existent basic InfoSec protocols. Granted this was specifically with MISO (Minimal Initial SushiSwap Offering) platform but it should never happen.

https://arstechnica.com/information-technology/2021/09/cryptocurrency-launchpad-hit-by-3-million-supply-chain-attack/ (arstechnica.com)

Responses:

Seems like a wallet is a secret that shouldn't be hard coded, but should be set by config vars or encrypted environment vars -- nm - Beryllium Sep 17, 12:28
and yes, once again, all the stolen funds have been returned -- (link) - oblique Sep 17, 10:38 1
- crypto-thieves are dumb -- nm - decline Sep 17, 11:21

Post a message top

DeFi platform SushiSwap hit with "supply chain attack". Really, it boiled down to someone with commit access to their code injecting their own wallet

Replies are disabled on threads older than 7 days.