Categories: WORLD

SushiSwap and other DeFi protocols have announced a security breach in the Ledger library

The LedgerConnect library was compromised by hackers who replaced it with a contract to steal assets. Experts recommend not connecting to any decentralized applications due to this incident. They also clarified that SushiSwap, Revoke Cash and Zapper were also affected by this compromise.

The SushiSwap CTO posted on his X (formerly Twitter) that the LedgerConnect library had been compromised, affecting decentralized applications (dApps).

“Do not interact with any decentralized applications until further notice. It appears that the widely used Web3 connector has been compromised, allowing the injection of malicious code that affects many dApps,” the report said.

confirmed the hack in a post on X. They reported that they were working to fix the problem and urged not to connect to dApps.

Revoke Cash also reported The company has taken the site offline as it conducts an investigation.

Hacken analysts also urged not to interact with dApps.

In a comment to Incrypted, Hacken experts explained:

“The Ledger Connect Kit library has been compromised. Accordingly, every website (dApp) that uses it is also compromised. Malicious code is loaded onto it and begins to work on the principle of phishing. If the user does not interact with these sites, then he is not in any danger at all. But we can’t say for sure who uses them besides SushiSwap, Zapper and RevokeCash. Therefore, for your own safety, you need to wait until this problem is fixed. It’s unlikely that it will take very long.”

Representatives of the team of the analytical company HAPI noted in a conversation with Incrypted that as a result of compromise, the modal window for connecting the wallet during authorization is replaced:

“This is a popular Web3 connector, it puts a lot of protocols and wallets at risk. It’s better not to do anything to anyone for now. Do not interact with any dApp. Users of any dApp and any wallet that interacts with them are at risk. Not only Ledger Live" .

Update: Ledger announced that it had discovered and removed a malicious version of the Ledger Connect Kit:

“Now a real version is being released to replace the malicious file. Do not interact with any applications for now. We will keep you informed as the situation develops. Your Ledger and Ledger Live device have not been compromised."

Update 2: Tether CEO Paolo Ardoino reported that the hacker's address has been frozen.

Incrypted will continue to monitor developments. We will update the material when new details become available.

legenda

Recent Posts

During a full-scale war, the Ukrainian Student League collaborated with the Russian oligarch’s foundation

In 2022, the Ukrainian Student League (USL) collaborated with the Rassvet Foundation, founded by Russian oligarch Mikhail…

4 days ago

Employees of a fraudulent call center network detained in Russia: details

In Russia, managers and employees of a “branch” of an international network of call centers were exposed. This was reported by RBC-Ukraine...

2 weeks ago

Why did the judicial “under-reformer” Mikhail Zhernakov decide to criticize the legal profession?

Mikhail Zhernakov is one of the most public figures in the field of judicial reform in Ukraine, which...

3 weeks ago

The pointless “book club” of the Ministry of Culture

The ministry spent tens of millions on printing unnecessary books in “its” publishing houses. The Ministry of Culture during...

4 weeks ago

More than two state budgets. How money is withdrawn from Ukraine

Over more than 30 years of independence, at least $100 billion has been withdrawn from Ukraine abroad,...

4 weeks ago

“Decided” by the tax office Andrei Gmyrin organized a business with Russians and relatives of judges

Remember the former head of the Tax Service of Ukraine, Roman Nasirov, who wrapped himself in a blanket, pretending to be seriously ill in...

4 weeks ago

This website uses cookies.