In the rapidly developing market for non-fungible tokens, or NFTs, there have been numerous swindles, scams, and rug pulls. But this one stands out as a little odd.
To begin with, the NFT sale itself was unusual. The entire concept was based on a recent meme on crypto Twitter about the Kia Sedona car brand (the joke being that the Kia Sedona is a type of hard money). The sale was organized by a group of ten anonymous individuals who created a jazzy website called “Jay Pegs Auto Mart.” (It had nothing to do with the car manufacturer.)
DONA reservation tokens were on sale. These could be purchased through SushiSwap’s token sale platform Miso, which is run by the decentralized exchange SushiSwap. Each DONA token purchased during the sale could be exchanged for one of 10,000 2007 Kia Sedona NFTs.
And the token sale was a success. It raised 864.8 ether (ETH), which is worth $3.1 million. But what the anonymous team of shadowy super coders (another meme) didn’t expect when they chose Miso was for all of their funds to be whisked away.
An anonymous contractor, according to SushiSwap CTO Joseph Delong, inserted malicious code into the Miso platform, changing the destination address for all incoming funds in the token sale to their own address. According to Delong, the Jay Pegs Auto Mart sale was the only one affected, and all funds raised were stolen.
SushiSwap has asked crypto exchanges Binance and FTX to identify the hacker — by providing their KYC information — but they have not done so, according to Delong. He stated that if the funds are not returned by 8 a.m. ET, the platform has instructed Stephen Palley, a partner at Anderson Kill, to file a complaint with the FBI.
On the plus side, the Jay Pegs Auto Mart Twitter account assured buyers that, despite the lack of funds, the Kia Sedona NFTs would still be distributed.