Multiple DApps using Ledger connector compromised

The front end of multiple decentralized applications (DApps) using Ledger’s connector, including Zapper, Sushiswap, and, was compromised on Dec. 14. 

SushiSwap chief technical officer Mathew Lilley reported that a commonly used Web3 connector has been compromised, allowing malicious code to be injected into numerous DApps. The on-chain analyst said the Ledger library confirmed the compromise where the vulnerable code inserted the drainer account address.


Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.

— I’m Software … Read more on Cointelegraph

26K Reads