Ledger library flaw affects SushiSwap, Revoke.cash dapps
SushiSwap Chief Technical Officer Mathew Lilley has disclosed the compromise of a widely employed web3 connector within Ledger’s delivery network. The breach has enabled malicious code injection into numerous decentralized applications ( dapps ). Removal of malicious provider Lilley contended that Ledger’s content delivery network was compromised, leading to the loading of JavaScript from the compromised network. RED ALERT : Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps. — I'm Software (@MatthewLilley) December 14, 2023 The compromised Ledger connector library , widely employed by various dapps and overseen by Ledger, has seen the addition of a wallet drainer. While assets may not be drained automatically from a user’s account, prompts from browser wallets like MetaMask could potentially provide ma...