Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
More
Breaking: Ledger Removes Bug Allowing Popular Decentralized Applications To Be Compromised – Here’s the Latest
Disclosure: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. By using this website, you agree to our terms and conditions. We may utilise affiliate links within our content, and receive commission.
Source: iStock / welcomiaMultiple popular decentralized applications (dApps) have been compromised following a hack against a popular Web3 connector on Wednesday, numerous software experts confirmed on Thursday.
“Do not interact with ANY dApps until further notice,” warned Matthew Lilley, CTO of SushiSwap, in a post to X. “It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.”
The connector in question is “Ledger Connector,” a tool from the popular wallet provider that lets crypto users connect their mobile wallets to decentralized apps like exchanges and lending platforms.
As such, the attack doesn’t solely affect one dApp, but any that may use Ledger’s connect kit.
Shortly thereafter, Ledger confirmed that the malicious code had been identified and removed from its libraries and that user wallets had not been compromised.
“A genuine version is being pushed to replace the malicious file now,” the company stated.
Other X users like @bantg confirmed in advance that Ledger’s software library had been compromised and “replaced with a drainer,” with new fields like “minimalDrainValue” inserted into its code.
Given the frequency of new updates to the database in the last few hours, onlookers didn’t believe the real Ledger company was responsible.
According to @officer_cia – a hacker relations expert for Web3 security firm Remedy – some affected dApps included Sushi, as well as the DeFi dashboard Zapper, and “wallet hygiene” service Revoke.cash.
Stay Away From dApps, Expert Warn
Polygon Labs VP Hudson Jameson has acknowledged the hack and also warned crypto users to not use any dApps. “This is an ongoing situation and it is risky to use dApps currently if you don’t understand what backend libraries they use,” he said.
While visiting dApp websites alone won’t allow users’ funds to be drained, certain s from browser wallets – such as MetaMask – will invite users to mistakenly forfeit their assets to hackers.
“Does Ledger know about this? Yes they do and are working on it,” said Jameson. Nevertheless, projects using Ledger’s library will need to “update things” even after Ledger corrects for any malicious code.
This is the second time this year that Ledger has come under fire for poor security practices.
In May, Ledger was blasted for its “Ledger Recover” wallet service, which triggered concern that the accompanying firmware update would allow users’ private keys to be extracted from their wallets.
After criticism cooled off, the company debuted the product the late October.