Matthew Lilley, the CTO at SushiSwap, has warned on X (Twitter), asking users to avoid interaction with any decentralized applications (dApps). Many other dApps have confirmed a compromise.
Lilley wrote on X (Twitter):
Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.
He also asked the hardware wallet company, Ledger, to investigate further on the matter. The Web3 security firm Blockaid suspects a potential supply chain attack on ledgerconnect kit. It wrote:
The attacker injected a wallet-draining payload into the popular NPM package. This currently affects a couple of popular dapps including but not limited to Hey.xyz, and Sushi.com.
Also, Revoke.cash confirmed that it has been compromised
This is a developing story
Do you have anything to say about dApps compromise or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or X (Twitter).
For Bitnaz’s latest Bitcoin (BTC) analysis, click here.
Disclaimer
In adherence to the Trust Project guidelines, Bitnaz is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.