Multiple decentralized applications using Ledger’s connector library have been compromised, including SushiSwap and Revoke.cash.
The front end of multiple decentralized applications (DApps) using Ledger’s connector, including Zapper, SushiSwap, Balancer and Revoke.cash, was compromised on Dec. 14.
SushiSwap chief technical officer Mathew Lilley reported that a commonly used Web3 connector has been compromised, allowing malicious code to be injected into numerous DApps. The on-chain analyst said the Ledger library confirmed the compromise where the vulnerable code inserted the drainer account address.
This is a developing story, and further information will be added as it becomes available.