SushiSwap and Revoke.cash are two of the decentralized applications compromised using Ledger’s connector library.
Zapper, SushiSwap, Balancer, and Revoke.cash, all of which use Ledger’s connector, had their front ends compromised on Dec. 14.
An important Web3 connector used by many DApps has been compromised, according to SushiSwap’s Mathew Lilley. In the Ledger library, the vulnerability inserted the drainer account address, according to the on-chain analyst.
Ledger is being blamed for the ongoing vulnerabilities and compromises on multiple DApps, according to SushiSwap’s CTO. CTO claimed that Ledger’s content delivery network (CDN) had been compromised, followed by a series of terrible mistakes – including loading Java script from a compromised CDN without versioning it.
Many DApps use Ledger connector, which is maintained by Ledger. With the addition of a wallet drainer, users’ accounts may not drain automatically. It is possible for malicious actors to access the assets via prompts that appear from a browser wallet (like MM).
Users should avoid DApps using the Ledger connector, according to DAppsOn-chain analysts. Any DApp which makes use of LedgerHQ/connect-kit is vulnerable. On-chain analysts added that this isn’t a single isolated attack, rather a large-scale attack on multiple dApps.
It will take time for DApps that use Ledger’s Web3 libraries to become safe to use after the bad code is corrected in Ledger’s library, Polygon Labs vice president Hudson Jameson said.
An exploitable vulnerability in Ledger Connect Kit code has been fixed and a malicious version has been removed. Currently, a genuine version is replacing the malicious file.
“Ledger users are not at risk if not transacting. It is not exploitable on prior approvals. Revoke.cash specifically is affected, so don’t interact with it. the number of impacted funds is hundreds of thousands of dollars over the past two hours. Many websites are still affected, and users are getting hit.”
WHY WE SELL?
SushiSwap CTO Suspects Ledger Connect Compromise, Asks to Avoid Interacting With Any dApps
WHERE TO CONTACT US:
Website : WWW.CRYPTOTRADE1.COM
Twitter : https://twitter.com/cctrade11
Telegram : https://t.me/cctrade1
Facebook : www.facebook.com/cryptotrade1
Instagram : www.instagram.com/cryptotrade1/
YouTube : www.youtube.com/cryptotrade1
Email : info.cryptotrade1@gmail.com