Hacker inserted code into Ledger's ConnectKit library that displayed fake wallet connection prompts aimed at draining users' funds.
DeFi platforms SushiSwap, Zapper, and Revoke.cash were compromised today after a suspected “supply chain attack” on hardware wallet company Ledger. The hack allowed hackers to insert code into Ledger's ConnectKit library. This code enabled them to display fake wallet connection prompts aimed at draining users' funds.
SushiSwap was one of the first platforms to spot the attack. According to a tweet by SushiSwap CTO Matthew Lilley, a commonly used Web3 connector utilized by many DeFi platforms had been compromised. This enabled attackers to inject malicious code affecting numerous applications.
In an official statement, SushiSwap warned users to avoid any unexpected "Connect Wallet" pop-ups:
The attack works by tricking users into approving fake transactions that drain funds from their crypto wallets. While the malicious code cannot directly access users' Ledger devices or seed phrases, it can display fake prompts aimed at convincing users to sign off on fraudulent transactions.
Both SushiSwap and Revoke.cash have taken their front-end platforms offline to protect users while investigations into the hack continue. Zapper also appears to have been affected.
While funds held on hardware wallets like Ledger devices remain secure, users could unknowingly approve transactions that result in theft if they connect to compromised DApps.
Ledger has now released an official statement on its X account:
This is a developing story and will be updated.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
