SushiSwap's token platform, Miso, was hit with a supply chain attack that landed the attacker more than $3 million worth of Ethereum. Malicious code was injected into the platform's frontend by a contractor who submitted a pull request. The attacker was able to target a car-themed NFT auction called "Jay Pegs Auto Mart". However, the team discovered the identity of the attacker and the funds were returned after some legal threats.

"Inside the Hunt for the Jay Pegs Auto Mart Thief and 865 ETH"

Another DeFi Hack: $3M in ETH Stolen From SushiSwap’s Token Platform

"$3M Was Stolen, but the Real Steal Is These Kia Sedonas, Say Anonymous Developers"

Web3 is Going Just Great

Supply chain attack drains $3 million from SushiSwap