The LedgerConnect library was compromised by hackers, who replaced it with a contract to steal assets. Experts recommend not connecting to any decentralized applications because of this incident. They also clarified that SushiSwap, Revoke Cash and Zapper were affected by the compromise.
The SushiSwap CTO posted on X (formerly Twitter) that the LedgerConnect library had been compromised, affecting decentralized applications (dApps).
“Do not interact with any decentralized applications until further notice. It appears that the widely used Web3 connector has been compromised, allowing the injection of malicious code that affects many dApps,” the report said.
confirmed the hack in a post on X. They reported that they were working to fix the problem and urged users not to connect to dApps.
Revoke Cash also reported the compromise. The company has taken the site offline as it conducts an investigation.
Hacken analysts also urged users not to interact with dApps.
In a comment to Incrypted, Hacken experts explained:
“The Ledger Connect Kit library has been compromised. Accordingly, every website (dApp) that uses it is also compromised. Malicious code is loaded onto it and begins to work on the principle of phishing. If the user does not interact with these sites, then he is not in any danger at all. But we can’t say for sure who uses them besides SushiSwap, Zapper and RevokeCash. Therefore, for your own safety, you need to wait until this problem is fixed. It’s unlikely that it will take very long.”
Representatives of the analytics company HAPI noted in a conversation with Incrypted that, as a result of the compromise, the modal window for connecting the wallet during authorization is replaced:
“This is a popular Web3 connector, it puts a lot of protocols and wallets at risk. It’s better not to do anything to anyone for now. Do not interact with any dApp. Users of any dApp and any wallet that interacts with them are at risk. Not only Ledger Live.”
Update: Ledger announced that it had discovered and removed a malicious version of the Ledger Connect Kit:
“Now a real version is being released to replace the malicious file. Do not interact with any applications for now. We will keep you informed as the situation develops. Your Ledger and Ledger Live device have not been compromised.”
Update 2: Tether CEO Paolo Ardoino reported that the hacker's address has been frozen.
Incrypted will continue to monitor developments. We will update the material when new details become available.