Sushi CTO Warns Ledger Connector Exploited: How to Stay Safe
- Sushi CTO Matthew Lilley has called attention to a Ledger connector exploit.
- The exploit compromises multiple DApps.
- Learn how to stay safe.
On Thursday, December 14, Sushi CTO Matthew Lilley warned of a large-scale exploit affecting multiple decentralized applications. If you come across this warning, keep calm.
DailyCoin is here with a breakdown of what we know and what you can do to stay safe.
A Ledger Connector Exploit
Per Lilley’s Thursday post on X, it appears that a Ledger -provided connector kit used by several DApps had been compromised. The exploit allows malicious actors to hijack the front end of DApps using the connector.
Lilley’s warning has been corroborated by Yearn Finance contributor “banteg,” who warned that a Ledger library had been compromised and replaced with a drainer, adding that the “connect-kit-loader” is also vulnerable.
Who Is Affected?
The full list of affected DApps remains unclear, but Sushiswap, Zapper, and RevokeCash are among the confirmed platforms affected by the exploit.
AMLBot co-founder Slava Demchuk told DailyCoin that the attack was likely to have far-reaching effects with millions at stake.
“The implication of this attack is robust considering Ledger has a very wide integration in the industry. Consequently, I suspect millions of funds may be stolen,” he noted.How To Stay Safe
The attack only gives hackers access to the front end of affected DApps, not the wallet of users or the project. But if a user interacts with the interface of an affected DApp, the exploiter can divert the user’s funds. Below are some tips to stay safe:
- Do not interact with any DApp until Ledger confirms a fix has been implemented.
- If you must interact with a DApp, contact your service provider before using the DApp to confirm whether the DApp is affected.
- Report any suspicious or unauthorized wallet activity to the concerned departments.
On the Flipside
- Ledger has confirmed that it is working on pushing the code to fix the problem.
- Aave founder Stani Kulechov claims that Aave is unaffected by the exploit.
Why This Matters
The Web3 connector exploit affects multiple DApps and could lead to losses for several users.
Read this to learn about the Voucher NFT scam:
ETH, Polygon Users at Risk in New NFT Scam: How to Stay Safe
Learn how Polygon benefits from CCTP support:
Here’s How Polygon Benefits From Circle (USDC) CCTP Support
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bridging RWAs to DeFi: Blockchain project expands services with major relaunch
USDX built to support DeFi ecosystem growth: Hex Trust CEO
Australia’s ‘Barefoot Investor’ takes on crypto scammers stealing his likeness
Italy fines OpenAI $15M over data protection, privacy breaches