CTO of Sushi, one of the largest decentralized finance (DeFi) protocols, warned of a vulnerability affecting the entire industry.
Sushi CTO Matthew Lilley, social media from your account, “Do not use ANY decentralized applications (dApps) until further notice.” made the statement.
lilly, “It appears that a widely used web3 connector has been compromised, leading to the injection of malicious code affecting many dApps.” said.
According to the statements of Sushi CTO, the code causing the security vulnerability is hardware wallet provider It can be seen on Ledger’s Github profile.
Blockaid’s first to the findings according to ledgerconnect potentially a supply chain attack may have been made. The attacker attacked the package A code that empties digital wallets It was reported that he added.
lilly, “LedgerHQ/connect-kit loads JavaScript (JS) from a CDN, their CDN account is compromised and injects malicious JS code into multiple dApps.” said.
Lilley responded to the question of whether this vulnerability only affects Sushi applications: “No, practically all dApps (using) the Ledger connector.” he replied.
DeFi sites such as Sushi, Zapper, and Revoke Cash were reportedly affected due to suspicious code.