Multiple DApps using Ledger connector compromised

Paxful
Bitbuy

[ad_1]

The front end of multiple decentralized applications (DApps) using Ledger’s connector, including Zapper, Sushiswap, and Revoke.cash, were compromised earlier on Dec. 14. 

SushiSwap chief technical officer Mathew Lilley reported that a commonly used Web3 connector has been compromised, allowing malicious code to be injected into numerous DApps. The on-chain analyst said that the Ledger library confirmed the compromise where the vulnerable code inserted the drainer account address.

Ledger connector is a library that is used by many DApps and maintained by Ledger. It has been compromised and a wallet drainer was added. The draining of funds from a user’s account might not happen on its own. However, prompts from your browser wallet (like MM) will display that give their assets to the malicious actors.

On-chain analysts warned users to avoid using any DApps using the Ledger connector while adding that the connect-kit-loader is also vulnerable at the moment.

bybit

This is a developing story, and further information will be added as it becomes available.



[ad_2]

Source link

Coinbase