By: Isha Das
A malicious infiltration has been detected in ledger's ConnectKit library, affecting multiple Decentralized Applications (DApps) using the library including SushiSwap and Revoke.cash. Ledger, a leading crypto hardware wallet provider, acknowledged this critical compromise as they cautioned users to refrain from interacting with any DApps until further clarification.
A lead developer from Yearn.finance, Banteg, confirmed the library's compromise and urged users to await clearer communication before proceeding with any DApps. The repercussions of the compromise include the potential injection of malicious code, adversely affecting a wide array of DApps. As such, numerous DeFi projects have acknowledged being impacted and advised users to exercise caution.
The incident also aroused caution from Hudson James, a VP at Polygon Labs, who reiterated the risks of interacting with DApp front ends before a full understanding of the underlying backend libraries is ascertained. While Ledger is working on pushing a genuine version to replace the compromised library, the crypto community is urged to exercise vigilance and safe practices during this ongoing situation.