Sushi CTO Warns Ledger Connector Exploited: How to Stay Safe

Sushi CTO Matthew Lilley warns of a Ledger connector exploit compromising multiple DApps.

by . Fact checked by: Ciaran Lawler, Editor: Nazar Kuzmyn
Published:
Sushiswap warning about crumbling Web3.
Created by Kornelija Poderskytė from DailyCoin
Google News Follow Button
  • Sushi CTO Matthew Lilley has called attention to a Ledger connector exploit.
  • The exploit compromises multiple DApps.
  • Learn how to stay safe.

On Thursday, December 14, Sushi CTO Matthew Lilley warned of a large-scale exploit affecting multiple decentralized applications. If you come across this warning, keep calm. 

DailyCoin is here with a breakdown of what we know and what you can do to stay safe.

A Ledger Connector Exploit

Per Lilley’s Thursday post on X, it appears that a Ledger-provided connector kit used by several DApps had been compromised. The exploit allows malicious actors to hijack the front end of DApps using the connector.

Lilley’s warning has been corroborated by Yearn Finance contributor “banteg,” who warned that a Ledger library had been compromised and replaced with a drainer, adding that the “connect-kit-loader” is also vulnerable.

Who Is Affected?

The full list of affected DApps remains unclear, but Sushiswap, Zapper, and RevokeCash are among the confirmed platforms affected by the exploit.

AMLBot co-founder Slava Demchuk told DailyCoin that the attack was likely to have far-reaching effects with millions at stake.

“The implication of this attack is robust considering Ledger has a very wide integration in the industry. Consequently, I suspect millions of funds may be stolen,” he noted.

How To Stay Safe

The attack only gives hackers access to the front end of affected DApps, not the wallet of users or the project. But if a user interacts with the interface of an affected DApp, the exploiter can divert the user’s funds. Below are some tips to stay safe:

  • Do not interact with any DApp until Ledger confirms a fix has been implemented.
  • If you must interact with a DApp, contact your service provider before using the DApp to confirm whether the DApp is affected.
  • Report any suspicious or unauthorized wallet activity to the concerned departments.

On the Flipside

  • Ledger has confirmed that it is working on pushing the code to fix the problem.
  • Aave founder Stani Kulechov claims that Aave is unaffected by the exploit.

Why This Matters

The Web3 connector exploit affects multiple DApps and could lead to losses for several users.

Sponsored

Read this to learn about the Voucher NFT scam:
ETH, Polygon Users at Risk in New NFT Scam: How to Stay Safe

Learn how Polygon benefits from CCTP support:
Here’s How Polygon Benefits From Circle (USDC) CCTP Support

DailyCoin Newsletter

The hottest crypto news, straight to your inbox!

newsletter icon

Get a daily dose of crypto stories in a quick read with a tongue-in-cheek twist! Suitable for everyone, from crypto newbs to battle-tested veterans.

      You can easily unsubscribe at any time. Spoiler Alert: You won’t want to!

      This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

      Tags
      Author
      Okoya David
      Okoya David

      David Okoya is a crypto news reporter at DailyCoin based in Nigeria. He covers various topics related to the cryptocurrency industry, including exchanges, regulations, and price movements, and strives to bring fresh angles to breaking news. With experience as a freelance crypto news writer, David upholds the highest journalistic standards, telling complete stories and answering lingering questions whenever possible.