Security Breach Hits Leading DApps Utilizing Ledger Connector Library

DApps, including SushiSwap, face a security crisis as the Ledger connector library is compromised, prompting urgent user caution.

by Isaac Lane
In a startling development on December 14, a significant security breach impacted various decentralized applications (DApps) relying on Ledger’s connector library. Notable platforms affected include SushiSwap, Zapper, and Revokecash, as reported by SushiSwap’s Chief Technical Officer, Mathew Lilley.

Compromised Web3 Connector Raises Alarms

Lilley revealed that a widely-used Web3 connector associated with Ledger’s library has fallen victim to a breach, allowing the injection of malicious code into multiple DApps. The compromised code reportedly inserted a drainer account address, potentially putting user assets at risk.

Ledger Faces Accountability Amidst Ongoing Vulnerability

Attributing the ongoing vulnerability to Ledger, SushiSwap’s CTO pointed to Ledger’s content delivery network (CDN). Allegedly, a series of critical errors occurred, starting with the loading of compromised JavaScript from an insecure CDN, coupled with the absence of version-locking for the loaded JS.
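The two failures named above (third-party JavaScript loaded from a CDN, with no version lock) can be checked for in a DApp's own pages. The following is an added example, not code from Ledger, SushiSwap or the article: it flags external script tags that are not pinned to an exact version, and it additionally checks for a Subresource Integrity hash, a control the article does not mention. The hostnames, package name and integrity value are constructed placeholders.

```javascript
// Added example: audit <script> tags for unpinned third-party JavaScript.
// All URLs are constructed; the SRI value is a dummy, not a real digest.
const EXACT_VERSION = /@\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?(?=\/|$)/;
const SRI_TOKEN = /^sha(256|384|512)-[A-Za-z0-9+/]+={0,2}$/;

// Collect attribute name/value pairs from one opening tag.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of tag.matchAll(re)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  return attrs;
}

// Return one finding per third-party script, listing what is missing.
function auditScriptTags(html, pageOrigin) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    if (!attrs.src) continue;                                  // inline script
    const url = new URL(attrs.src, pageOrigin);
    if (url.origin === new URL(pageOrigin).origin) continue;   // first-party
    const issues = [];
    if (url.protocol !== 'https:') issues.push('not-https');
    // "@1" or "@latest" lets the CDN serve whatever was published last.
    if (!EXACT_VERSION.test(url.pathname)) issues.push('version-not-pinned');
    // Without SRI the browser runs the file even if its bytes changed.
    const tokens = (attrs.integrity || '').split(/\s+/).filter(Boolean);
    if (tokens.length === 0 || !tokens.every((t) => SRI_TOKEN.test(t))) {
      issues.push('no-valid-sri');
    }
    findings.push({ src: url.href, issues });
  }
  return findings;
}

// Constructed sample page for a hypothetical DApp at https://dapp.example
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://cdn.example/npm/@example/connect-kit@1"></script>
<script src="http://cdn.example/npm/@example/connect-kit@1.1.7/dist/index.js"></script>
<script src="https://cdn.example/npm/@example/connect-kit@1.1.7/dist/index.js"
        integrity="sha384-${'A'.repeat(64)}" crossorigin="anonymous"></script>`;

console.log(JSON.stringify(auditScriptTags(SAMPLE_HTML, 'https://dapp.example'), null, 2));
```

A static check like this only covers script tags present in the HTML; scripts that a loader fetches at runtime need the same pinning inside the loader itself.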

Heightened Risks for Users

The compromised Ledger connector library, widely adopted by various DApps, now includes a wallet drainer, introducing the possibility of unauthorized asset access. While the draining process may not occur autonomously, prompts surfaced through browser wallets such as MetaMask may expose users to malicious actors.

On-Chain Analysts Issue Stark Warning

On-chain analysts are urging users to steer clear of any DApps utilizing the Ledger connector, emphasizing the vulnerability of the connect-kit-loader. The severity of the breach prompts a collective call for heightened security measures and a thorough review of applications relying on Ledger’s infrastructure.

As the situation unfolds, affected DApps are urged to implement immediate security patches, and users are advised to exercise caution and potentially refrain from interacting with Ledger-connected applications until the all-clear is given.

Stay tuned for updates as the DeFi community navigates through this security challenge.