Sushi CTO Warns Ledger Connector Exploited: How to Stay Safe
- Sushi CTO Matthew Lilley has called attention to a Ledger connector exploit.
- The exploit compromises multiple DApps.
- Learn how to stay safe.
On Thursday, December 14, Sushi CTO Matthew Lilley warned of a large-scale exploit affecting multiple decentralized applications. If you come across this warning, keep calm.
DailyCoin is here with a breakdown of what we know and what you can do to stay safe.
A Ledger Connector Exploit
Per Lilley’s Thursday post on X, it appears that a Ledger-provided connector kit used by several DApps had been compromised. The exploit allows malicious actors to hijack the front end of DApps using the connector.
Lilley’s warning has been corroborated by Yearn Finance contributor “banteg,” who warned that a Ledger library had been compromised and replaced with a drainer, adding that the “connect-kit-loader” is also vulnerable.
Who Is Affected?
The full list of affected DApps remains unclear, but Sushiswap, Zapper, and RevokeCash are among the confirmed platforms affected by the exploit.
AMLBot co-founder Slava Demchuk told DailyCoin that the attack was likely to have far-reaching effects with millions at stake.
“The implication of this attack is robust considering Ledger has a very wide integration in the industry. Consequently, I suspect millions of funds may be stolen,” he noted.
How To Stay Safe
The attack only gives hackers access to the front end of affected DApps, not to the wallets of users or of the project. But if a user interacts with the interface of an affected DApp, the exploiter can divert the user’s funds. Below are some tips to stay safe:
- Do not interact with any DApp until Ledger confirms a fix has been implemented.
- If you must interact with a DApp, contact your service provider before using the DApp to confirm whether the DApp is affected.
- Report any suspicious or unauthorized wallet activity to the concerned departments.
On the Flipside
- Ledger has confirmed that it is working on pushing the code to fix the problem.
- Aave founder Stani Kulechov claims that Aave is unaffected by the exploit.
Why This Matters
The Web3 connector exploit affects multiple DApps and could lead to losses for several users.