Multiple dApps Compromised in Recent Hack
Software experts have confirmed that several popular decentralized applications (dApps) were compromised following a hack against a widely-used Web3 connector. The attack affected the “Ledger Connector,” a tool from the popular wallet provider Ledger, which allows users to connect their mobile wallets to various dApps. As a result, any dApp that uses Ledger’s connect kit may have been impacted by the hack. In response, Matthew Lilley, CTO of SushiSwap, advised users not to interact with any dApps until further notice. However, Ledger has since identified and removed the malicious code from its libraries, ensuring that user wallets remain uncompromised.
Concerns and Affected Applications
Many users expressed concerns about the authenticity of the updates provided by Ledger during the incident. Additionally, several dApps were confirmed to be affected by the hack, including Sushi, Zapper, and Revoke.cash. The compromised code included new fields that were inserted into Ledger’s software library without authorization.
Expert Warning: Avoid Using dApps
Hudson Jameson, VP of Polygon Labs, acknowledged the hack and advised crypto users to avoid using any dApps at this time. He emphasized the risk associated with using dApps if users are unaware of the backend libraries they utilize. While visiting dApp websites alone does not put funds at risk, certain prompts from browser wallets could lead users to mistakenly transfer their assets to hackers.
Previous Security Issues with Ledger
This is not the first time Ledger has faced security concerns. In May, the company received backlash for its “Ledger Recover” wallet service, which raised fears about potential extraction of private keys from user wallets. Although Ledger resolved those issues and launched the product in late October, this recent hack has raised further questions about the company’s security practices.
Hot Take: Popular dApps Compromised in Web3 Connector Hack
Multiple decentralized applications (dApps) have been compromised in a recent hack targeting a widely-used Web3 connector. The attack targeted the “Ledger Connector,” a tool provided by Ledger, a popular wallet provider. This incident raises concerns about the security of dApps and highlights the potential risks associated with using them. Users are advised to refrain from interacting with any dApps until the situation is resolved. While Ledger has taken steps to remove the malicious code and protect user wallets, it is essential for users to remain cautious and informed about the backend libraries utilized by dApps. This incident also adds to previous security issues faced by Ledger, raising questions about the company’s commitment to user protection.
By
By
By
By
By
By