- Decentralized finance (DeFi) protocol Sushi reportedly faced a front-end attack, according to the company’s CTO.
- A front-end attack involves hackers altering a website or application’s user interface (UI).
- Lilley added that the suspicious code came from the GitHub page of hardware wallet provider Ledger.
Decentralized finance (DeFi) protocol Sushi has reportedly faced a hack attack: How did the incident unfold? What’s the connection with Ledger?
Ledger Library Compromised
Decentralized finance (DeFi) protocol Sushi reportedly faced a front-end attack, according to the company’s CTO, who issued a sector-wide warning about an attack on a “commonly used” Web3 connector.
“PLEASE do not interact with any dApps until a responsible disclosure is made,” wrote Sushi CTO Matthew Lilley, adding: “There appears to be a situation where a commonly used web3 connector has been compromised, allowing the injection of malicious code affecting many dApps.”
A front-end attack involves hackers altering a website or application’s user interface (UI). Hackers can then modify functions to redirect funds to themselves. A front-end attack does not gain access to the protocol’s hot wallets.
Determination of the code’s origin from Ledger’s GitHub page
Lilley added that the suspicious code came from the GitHub page of hardware wallet provider Ledger. A user identified that Ledger’s library was compromised and replaced with a token drainer. Issues have also been reported on other DeFi websites, including Zapper and RevokeCash.