Multiple Ethereum-based applications including Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were compromised early Thursday due to a Ledger security breach. Ledger, the Paris-based crypto hardware wallet manufacturer, said it has fixed the malicious code as of 13:35 UTC — the company also warned users to “Clear Sign” transactions, a way to ensure you are interacting directly with the company’s website and software.
It’s not yet known how many decentralized apps (dapps) were or are affected, or how much money has been lost. Anecdotal reports on social media suggest the exploit is widespread. Blockaid, a blockchain security firm, said upwards of $150,000 in crypto had been lost due to this unique “supply chain attack” on Ledger’s Connect Kit, which is deployed across the decentralized finance (DeFi) ecosystem.
This is an excerpt from The Node newsletter, a daily roundup of the most pivotal crypto news on CoinDesk and beyond.
“Do not interact with ANY dApps until further notice,” Sushi Chief Technology Officer Matthew Lilley wrote on X/Twitter, one of the first people to acknowledge the attack. “It appears that a commonly used Web3 connector has been compromised, which allows for injection of malicious code affecting numerous dApps.”
Hacks are a common occurrence in crypto, especially in the free-wheeling world of decentralized finance (DeFi), where financial software is frequently deployed without the appropriate level of auditing and testing, and is used by people without the knowledge to do proper due diligence. Centralized entities, aka companies, like Ledger, are also common targets for assaults.
These types of breaches are a stain on the industry, affecting not only actual people and projects but also crypto’s reputation. Internet pioneer and security expert Steve Gibson keeps up with the litany of crypto hacks on the popular podcast “Security Now,” which he co-hosts with fellow tech legend Leo Laporte, and recently said any industry where there is a running tally of the largest hacks should be treated with extreme skepticism.
Still, there is sometimes a silver lining to crypto exploits. These events, however blackening, can also be moments of levity, and a chance for seasoned crypto professionals to…