btc
Bitcoin (BTC)
$99,218.00 0.86%
Bitcoin price
eth
Ethereum (ETH)
$3,647.71 0.38%
Ethereum price
bnb
BNB (BNB)
$713.03 0.16%
BNB price
sol
Solana (SOL)
$214.26 -1.01%
Solana price
xrp
XRP (XRP)
$2.40 -0.27%
XRP price
shib
Shiba Inu (SHIB)
$0.0000239 -1.04%
Shiba Inu price
pepe
Pepe (PEPE)
$0.0000206 -2.12%
Pepe price
bonk
Bonk (BONK)
$0.0000341 -3.18%
Bonk price
wif
dogwifhat (WIF)
$2.07 -4.34%
dogwifhat price
popcat
Popcat (POPCAT)
$0.85 -2.31%
Popcat price
btc
Bitcoin (BTC)
$99,218.00 0.86%
Bitcoin price
eth
Ethereum (ETH)
$3,647.71 0.38%
Ethereum price
bnb
BNB (BNB)
$713.03 0.16%
BNB price
sol
Solana (SOL)
$214.26 -1.01%
Solana price
xrp
XRP (XRP)
$2.40 -0.27%
XRP price
shib
Shiba Inu (SHIB)
$0.0000239 -1.04%
Shiba Inu price
pepe
Pepe (PEPE)
$0.0000206 -2.12%
Pepe price
bonk
Bonk (BONK)
$0.0000341 -3.18%
Bonk price
wif
dogwifhat (WIF)
$2.07 -4.34%
dogwifhat price
popcat
Popcat (POPCAT)
$0.85 -2.31%
Popcat price
btc
Bitcoin (BTC)
$99,218.00 0.86%
Bitcoin price
eth
Ethereum (ETH)
$3,647.71 0.38%
Ethereum price
bnb
BNB (BNB)
$713.03 0.16%
BNB price
sol
Solana (SOL)
$214.26 -1.01%
Solana price
xrp
XRP (XRP)
$2.40 -0.27%
XRP price
shib
Shiba Inu (SHIB)
$0.0000239 -1.04%
Shiba Inu price
pepe
Pepe (PEPE)
$0.0000206 -2.12%
Pepe price
bonk
Bonk (BONK)
$0.0000341 -3.18%
Bonk price
wif
dogwifhat (WIF)
$2.07 -4.34%
dogwifhat price
popcat
Popcat (POPCAT)
$0.85 -2.31%
Popcat price

Ledger library flaw affects SushiSwap, Revoke.cash dapps

ledger-library-flaw-affects-sushiswap-revoke-cash-dapps
Edited by
News
Ledger library flaw affects SushiSwap, Revoke.cash dapps

SushiSwap Chief Technical Officer Mathew Lilley has disclosed the compromise of a widely employed web3 connector within Ledgerโ€™s delivery network. 

The breach has enabled malicious code injection into numerous decentralized applications (dapps). Lookonchain said the hacker stole $484,000 in assets, including 4.334 Ether, and the Angel Drainer phishing scam continues to receive assets, currently holding $363,000 worth.

In an update, Tether has frozen the Ledger exploiterโ€™s address, effectively ending the scam.

Removal of malicious provider 

Lilley contended that Ledgerโ€™s content delivery network was compromised, leading to the loading of JavaScript from the compromised network.

https://twitter.com/MatthewLilley/status/1735275960662921638?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1735275960662921638%7Ctwgr%5Eec7eca1f1bbff1adb474cca46c68707afb990e9d%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcointelegraph.com%2Fnews%2Fmultiple-dapps-using-ledger-connector-compromised

The compromised Ledger connector library, widely employed by various dapps and overseen by Ledger, has seen the addition of a wallet drainer. While assets may not be drained automatically from a userโ€™s account, prompts from browser wallets like MetaMask could potentially provide malicious actors access to the assets, according to Lilleyโ€™s claims.

https://twitter.com/Ledger/status/1735291427100455293?s=20

The renowned cryptocurrency hardware wallet provider has since taken to X to announce the identification and removal of a malicious version of the Ledger Connect Kit. The company urges users to exercise caution and temporarily abstain from engaging with dapps.

Assuring the community of their proactive stance, Ledger has already initiated the deployment of a genuine replacement for the compromised file. Ledger also emphasizes that the security of user Ledger devices and Ledger Live remains intact, with no compromise detected.

An ongoing target

This is not the first time Ledger has been a target of malicious acts. On Nov. 5, crypto investigator ZachXBT raised an alert on the X platform regarding a fraudulent application named Ledger Live Web3. 

This deceptive application mimicked the legitimate Ledger Live app, an official user interface for storing crypto assets offline using hardware wallets, effectively causing users to lose $800,000.