Sushi CTO Warns Ledger Connector Exploited: How to Stay Safe
- Sushi CTO Matthew Lilley has called attention to a Ledger connector exploit.
- The exploit compromises multiple DApps.
- Learn how to stay safe.
On Thursday, December 14, Sushi CTO Matthew Lilley warned of a large-scale exploit affecting multiple decentralized applications. If you come across this warning, keep calm.
DailyCoin is here with a breakdown of what we know and what you can do to stay safe.
A Ledger Connector Exploit
Per Lilley’s Thursday post on X, it appears that a Ledger -provided connector kit used by several DApps had been compromised. The exploit allows malicious actors to hijack the front end of DApps using the connector.
Lilley’s warning has been corroborated by Yearn Finance contributor “banteg,” who warned that a Ledger library had been compromised and replaced with a drainer, adding that the “connect-kit-loader” is also vulnerable.
Who Is Affected?
The full list of affected DApps remains unclear, but Sushiswap, Zapper, and RevokeCash are among the confirmed platforms affected by the exploit.
AMLBot co-founder Slava Demchuk told DailyCoin that the attack was likely to have far-reaching effects with millions at stake.
“The implication of this attack is robust considering Ledger has a very wide integration in the industry. Consequently, I suspect millions of funds may be stolen,” he noted.How To Stay Safe
The attack only gives hackers access to the front end of affected DApps, not the wallet of users or the project. But if a user interacts with the interface of an affected DApp, the exploiter can divert the user’s funds. Below are some tips to stay safe:
- Do not interact with any DApp until Ledger confirms a fix has been implemented.
- If you must interact with a DApp, contact your service provider before using the DApp to confirm whether the DApp is affected.
- Report any suspicious or unauthorized wallet activity to the concerned departments.
On the Flipside
- Ledger has confirmed that it is working on pushing the code to fix the problem.
- Aave founder Stani Kulechov claims that Aave is unaffected by the exploit.
Why This Matters
The Web3 connector exploit affects multiple DApps and could lead to losses for several users.
Read this to learn about the Voucher NFT scam:
ETH, Polygon Users at Risk in New NFT Scam: How to Stay Safe
Learn how Polygon benefits from CCTP support:
Here’s How Polygon Benefits From Circle (USDC) CCTP Support
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
CloneX NFTs Hit a Wall as Images Vanish From OpenSea
SUI Jumps 73% After Grayscale and Mastercard Boost
SUI gains 73% in a week, driven by a Grayscale Trust listing and a strategic partnership with Mastercard.SUI Skyrockets After Major Institutional MovesMastercard Partnership Fuels Adoption HopesWhat’s Next for SUI?
Whale Buys Back 8K ETH, Nets $159K in 10 Days
Whale repurchases 8,012 ETH at $1,779, repays debt, and earns $159K from ETH trading over 10 days.Whale Re-Enters ETH With $14M BuybackSmart Debt Management and Strategic TimingProfit Through Precision
Solana Price Eyes $162, Cardano Slides Again, While Unstaked Presale Goes Viral in April 2025
Explore a timely comparison of Cardano, Solana, and Unstaked ($UNSD) focusing on real-time utility, price levels, and presale potential. Find out what crypto to invest in for both short-term strategy and long-term value.Cardano Slides Back Into Multi-Year RangeSolana Faces Crucial Test Near Largest Supply ClusterUnstaked Is More Than Hype: A Real Use Case in a Meme-Driven MarketUtility, Timing, and the Case for $UNSD
Trending news
MoreCrypto prices
More
