Menu
Browse

Cyber Threat Actor: AristoK3

Actor Type Location Known Incidents
 Icon
Criminal
China
1 incident
Profile

AristoK3 is an alias usedby an individual or group known to have carried out a supply chain attack on the SushiSwap MISO token launchpad in September 2021. The actor is associated with the GitHub handle AristoK3 and, according to available information, is located in China. The attack involved gaining access to the project’s code repository and pushing a malicious commit that altered the auctionWallet address during a token auction, allowing the transfer of approximately 864.8 Ethereum, valued at around $3 million, to an attacker‑controlled wallet. After the theft was discovered, the actor returned the stolen funds to a multisig pool designated by SushiSwap, a move described in the reporting as likely resulting from law‑enforcement pressure.

The incident demonstrates a targeting focus on decentralized finance platforms, specifically a token launchpad used for issuing new DeFi tokens. The actor’s tactics centered on a software supply chain approach: exploiting trusted repository access to insert unauthorized code that redirected funds at the point of auction creation. No specific malware families or custom tooling were referenced in the source material; the primary tooling appeared to be standard version‑control operations and a malicious code commit. The attack impacted a single auction, which was subsequently patched, and the funds were traced through blockchain analysis before being returned.

Public attribution ties the activity to the alias AristoK3 and notes a possible Chinese location, but no explicit links to state sponsors, criminal consortia, or broader campaigns have been established in the reporting. The SushiSwap MISO supply chain incident remains the sole publicly documented operation associated with this actor, serving as a representative example of their observed methodology involving repository compromise and financial theft via smart‑contract manipulation.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source