Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Sushi CTO Warns Ledger Connector Exploited: How to Stay Safe

Sushi CTO Warns Ledger Connector Exploited: How to Stay Safe

DailyCoinDailyCoin2023/12/14 16:07
By:DailyCoin
  • Sushi CTO Matthew Lilley has called attention to a Ledger connector exploit.
  • The exploit compromises multiple DApps.
  • Learn how to stay safe.

On Thursday, December 14, Sushi CTO Matthew Lilley warned of a large-scale exploit affecting multiple decentralized applications. If you come across this warning, keep calm. 

DailyCoin is here with a breakdown of what we know and what you can do to stay safe.

A Ledger Connector Exploit

Per Lilley’s Thursday post on X, it appears that a Ledger -provided connector kit used by several DApps had been compromised. The exploit allows malicious actors to hijack the front end of DApps using the connector.

ANY dApp which makes use of LedgerHQ/connect-kit is vulnerable. Don't use ANY dApps until further notice. This isn't a single isolated attack, it's a large-scale attack on multiple dApps. https://t.co/a3brXNQSx9

— I'm Software 🦇🔊 (@MatthewLilley) December 14, 2023

Lilley’s warning has been corroborated by Yearn Finance contributor “banteg,” who warned that a Ledger library had been compromised and replaced with a drainer, adding that the “connect-kit-loader” is also vulnerable.

Who Is Affected?

The full list of affected DApps remains unclear, but Sushiswap, Zapper, and RevokeCash are among the confirmed platforms affected by the exploit.

AMLBot co-founder Slava Demchuk told DailyCoin that the attack was likely to have far-reaching effects with millions at stake.

“The implication of this attack is robust considering Ledger has a very wide integration in the industry. Consequently, I suspect millions of funds may be stolen,” he noted.

How To Stay Safe

The attack only gives hackers access to the front end of affected DApps, not the wallet of users or the project. But if a user interacts with the interface of an affected DApp, the exploiter can divert the user’s funds. Below are some tips to stay safe:

  • Do not interact with any DApp until Ledger confirms a fix has been implemented.
  • If you must interact with a DApp, contact your service provider before using the DApp to confirm whether the DApp is affected.
  • Report any suspicious or unauthorized wallet activity to the concerned departments.

On the Flipside

  • Ledger has confirmed that it is working on pushing the code to fix the problem.
  • Aave founder Stani Kulechov claims that Aave is unaffected by the exploit.

Why This Matters

The Web3 connector exploit affects multiple DApps and could lead to losses for several users.

Read this to learn about the Voucher NFT scam:
ETH, Polygon Users at Risk in New NFT Scam: How to Stay Safe

Learn how Polygon benefits from CCTP support:
Here’s How Polygon Benefits From Circle (USDC) CCTP Support

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!