DeFi Under Threat: Ledger Exploit Sparks Sushi's Warning to Avoid Interacting with Any dApps
![](/media/articles/1702633500.jpg)
The decentralized finance (DeFi) sector recently faced a significant setback due to a widespread exploit targeting crucial protocols, with the influential player Sushi being among the affected entities. The exploit, originating from a compromised Ledger Connect Kit, has raised concerns about the security of hardware wallet integrations within the vast landscape of decentralized finance.
Ledger, a renowned provider of hardware wallets, supplies the Connect Kit software widely used by various DeFi protocols such as Lido, MetaMask, Coinbase, and Sushi. This software facilitates the integration of decentralized applications (dApps) with Ledger's hardware products. However, a front-end exploit has exposed the DeFi community to malicious activities.
In response to the breach, Matthew Lilley, the Chief Technology Officer at Sushi, issued a cautionary advisory to users, urging them to refrain from engaging with any dApps until further notice. The compromise of a widely used web3 connector allowed hackers to inject malicious code into the front end of websites and applications. This manipulation altered the functions visible to users, redirecting funds to the attackers instead of their intended wallets.
RED ALERT:
Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.
— I'm Software (@MatthewLilley) December 14, 2023
The exploit featured a deceptive pop-up prompt enticing users to connect their wallets, subsequently activating a token drainer. Similar issues were reported across various DeFi platforms, including Zapper and RevokeCash, highlighting the extensive reach of the attack.
The malicious Connect Wallet popup is opening on top of the actual modal like this: pic.twitter.com/T7XR6fCHAx
— Apoorv Lathey (@apoorvlathey) December 14, 2023
Following the incident, Ledger conducted a thorough post-mortem analysis, revealing that a former employee had fallen victim to a phishing attack. This security lapse provided an opportunity for the hacker to insert malicious code into Ledger's Connect Kit. Ledger promptly responded by eliminating the compromised code and freezing the wallet linked to the attack. Additionally, Ledger reassured users that its hardware devices and Ledger Live remained unaffected throughout the entire incident.
FINAL TIMELINE AND UPDATE TO CUSTOMERS:
4:49pm CET:
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline of what we know about…
— Ledger (@Ledger) December 14, 2023
Sushi issued a statement acknowledging the severity of the issue, cautioning users against interacting with unexpected "Connect Wallet" pop-ups. Notably, a user on the platform pointed out that Ledger's library had been compromised and replaced with a token drainer.
Urgent Security Alert
We've identified a critical issue: the ledger connector has been compromised, potentially allowing the injection of malicious code affecting various dApps.
If you have the Sushi page open and see an unexpected 'Connect Wallet' pop-up, DO NOT… https://t.co/alGVbnPfHW
— Sushi.com (@SushiSwap) December 14, 2023
In an effort to restore confidence, Ledger assured users that a genuine version of the Ledger Connect Kit was being put in place to replace the malicious file. However, users were advised to temporarily refrain from interacting with any dApps, with ongoing communication as the situation evolved.
ledger library confirmed compromised and replaced with a drainer. wait out interacting with any dapps till things become clearer. https://t.co/xapunW8zC3 pic.twitter.com/NlAc11vhdv
— banteg (@bantg) December 14, 2023
This incident serves as a stark reminder of the vulnerability of DeFi protocols to exploits, emphasizing the critical need for continuous vigilance and swift responses to uphold the integrity and security of the decentralized finance ecosystem. As the industry evolves, stakeholders must prioritize robust security measures to safeguard user funds and sustain the trust of the expanding DeFi community.