The front end of multiple decentralized applications (DApps) using Ledger’s connector, including Zapper, Sushiswap, and Revoke.cash, was compromised on Dec. 14.
SushiSwap chief technical officer Mathew Lilley reported that a commonly used Web3 connector has been compromised, allowing malicious code to be injected into numerous DApps. The on-chain analyst said the Ledger library confirmed the compromise where the vulnerable code inserted the drainer account address.
RED ALERT :
Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.
— I’m Software … Read more on Cointelegraph