Breaking: On-Chain Data Suggests Popular Decentralized Applications are Compromised – Here’s the Latest

Last updated:
Freelance Journalist
Freelance Journalist
Andrew Throuvalas
About Author

Andrew is a journalist and content writer with a passion for Bitcoin. His work has been featured with Cryptonews, Decrypt, CryptoPotato, and Bitcoin Magazine, among others.

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Coin Cloud Hack
Source: iStock / welcomia

Multiple popular decentralized applications (dApps) have been compromised following a hack against a popular Web3 connector on Wednesday, numerous software experts confirmed on Thursday.

“Do not interact with ANY dApps until further notice,” warned Matthew Lilley, CTO of SushiSwap, in a post to X. “It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.”

The connector in question is “Ledger Connector,” a tool from the popular wallet provider that lets crypto users connect their mobile wallets to decentralized apps like exchanges and lending platforms.

As such, the attack doesn’t solely affect one dApp, but any that may use Ledger’s connect kit.

Shortly thereafter, Ledger confirmed that the malicious code had been identified and removed from its libraries and that user wallets had not been compromised.

“A genuine version is being pushed to replace the malicious file now,” the company stated.

Other X users like @bantg confirmed in advance that Ledger’s software library had been compromised and “replaced with a drainer,” with new fields like “minimalDrainValue” inserted into its code.

Given the frequency of new updates to the database in the last few hours, onlookers didn’t believe the real Ledger company was responsible.

According to @officer_cia – a hacker relations expert for Web3 security firm Remedy – some affected dApps included Sushi, as well as the DeFi dashboard Zapper, and “wallet hygiene” service Revoke.cash.

Stay Away From dApps, Expert Warn

Polygon Labs VP Hudson Jameson has acknowledged the hack and also warned crypto users to not use any dApps. “This is an ongoing situation and it is risky to use dApps currently if you don’t understand what backend libraries they use,” he said.

While visiting dApp websites alone won’t allow users’ funds to be drained, certain prompts from browser wallets – such as MetaMask – will invite users to mistakenly forfeit their assets to hackers.

“Does Ledger know about this? Yes they do and are working on it,” said Jameson. Nevertheless, projects using Ledger’s library will need to “update things” even after Ledger corrects for any malicious code.

This is the second time this year that Ledger has come under fire for poor security practices.

In May, Ledger was blasted for its “Ledger Recover” wallet service, which triggered concern that the accompanying firmware update would allow users’ private keys to be extracted from their wallets.

After criticism cooled off, the company debuted the product the late October.

More Articles

Blockchain News
Abkhazia Crypto Miners ‘Burning Through Emergency Russian Power’
Tim Alper
Tim Alper
2025-01-14 03:00:00
Bitcoin News
Japan’s Remixpoint Completes $3.2 Million Bitcoin Purchase
Tim Alper
Tim Alper
2025-01-13 23:30:00
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors