The vulnerability raised by the CTO of decentralized finance protocol Sushi has already affected many DeFi platforms.
According to the statement made by Sushi CTO Matthew Lilley LedgerHQ/connect-kit using the package each of the decentralized applications (dApps)faces a security vulnerability.
lilly, “Do not use ANY dApps until further notice. “This is not an isolated attack on one location, but a large-scale attack on multiple dApps.” in warning found.
The attacker, according to npmjs information, today Türkiye time At 12:44 Adding a malicious update to @ledgerhq/connect-kit in users’ wallets withdrawing money placed a code.
Some DeFi platforms quickly began to take precautions due to this confirmed vulnerability. Automatic market maker Balancer, “We recommend that all users be as cautious as possible and avoid using the Balancer front-end until we have more information.” description made.
In the statement made by the Revoke Cash team, “Many popular crypto applications that integrate with Ledger’s ConnectKit library, including Revoke.cash, have suffered a security breach.” It was said. Revoke.cash’s site has been temporarily taken offline as a precaution.