Today an #exploit was detected in which several #DApps that use the #Ledger connector were compromised. These dapps include Sushiswap, revokecash and zapper, among others. But how did this happen, and what actions should you take? Let's explore.
After the incident was reported, Sushiswap's technical director, Matthew Lilley, announced that a commonly used Web3 connector had been compromised, allowing malicious code to be injected into various dapps.
This issue is closely related to a software library from the Ledger wallet provider that dapps relied on. In "image 1" we can see the early warning.

How does this exploit work? Simply visiting the dapp website does nothing to your funds. However, once you are on the page, a prompt to connect your wallet appears automatically, and if you give permission, your assets will be delivered to malicious actors. Ledger is already aware of this and is trying to fix it. In "image 2" we can see the double interface shown on the web page.

Following this incident, it is reported that the hacker has managed to drain wallets totaling approximately $484,000 in assets. In "image 3" we can see the value of the stolen assets.

It is also known that Tether has blocked the hacker's wallet address. In "image 4" we can see this action.

Therefore, it is recommended that Ledger users take appropriate precautions such as:
Avoid interacting with dapps
Keep an eye on your funds
Update and verify (whenever there is a new update for the hardware)
Security measures (change passwords and review any unauthorized transactions)
Meanwhile, Ledger and MetaMask continue to investigate this incident. Check the official networks for any updates.
In my opinion, I think that these types of incidents have to be reported and announced quickly; just imagining that by interacting with a dapp through its "official website" they can drain my funds is something inconceivable. As a user, sometimes you just click and authorize permissions without knowing what you are signing. On the other hand, we ourselves also have to take appropriate measures and be alert to any anomaly that may exist in our funds. Stay alert.