Decentralized Apps Face Security Breach via Ledger's Connector; Users Urged Caution
Summary:
On December 14, multiple decentralized applications (DApps) including Zapper, Sushiswap and Revoke.cash experienced a security breach via Ledger's connector, a popular Web3 connector. The breach allowed for the insertion of a malicious draining code. Users have been advised to avoid using any DApps connected to Ledger until further notice. The situation is currently evolving, and more information will be provided as it becomes available.
On December 14, multiple decentralized applications (DApps) that utilize the Ledger connector, such as Zapper, Sushiswap or Revoke.cash were subjected to a cyber breach. Tech guru at SushiSwap, Mathew Lilley, unveiled the security glitch in a popular Web3 connector, which perpetrated an insertion of a harmful code into an array of DApps. The infiltration was confirmed by the Ledger library as it spotted a suspicious drainer account address hidden within the compromised code. An urgent warning was issued to all users, advising them against any interaction with DApps till further notice.
Maintained by Ledger, the Ledger connector is a library tool heavily employed by numerous DApps. This tool was infiltrated, and a wallet draining code was implanted. This means that user accounts could potentially be drained, particularly if browser wallets display prompts that inadvertently reward the cyber culprits. Expert analysts in the on-chain sector have cautioned users to refrain from using DApps connected to Ledger. They also reported that the currently susceptible 'connect-kit-loader'.
The Ledger's @ledgerhq/connect-kit npm package seems to have been hacked, with the most recent activity occurring just 2 hours ago, according to a tweet from Scam Sniffer, a Web3 anti-scam watchdog. With developments emerging, more information will be updated as and when it comes to light.
Published At
12/14/2023 4:24:44 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.