Prominent crypto developers are urging users not to interact with any web3 dApps after code sleuths spotted suspicious activity from one of the libraries from Ledger, the popular hardware wallet provider.
Matthew Lilley, the CTO of Sushi, flagged the exploit on social media. Banteg, a core contributor for Yearn, posted that Ledger’s library had been compromised and “replaced with a drainer.”
The attack’s perpetrator targeted the Ledger connect-kit, which facilitates interactions between user wallets and dApps has been infected with malicious software, with a “supply chain attack.” The attack allowed the library to be replaced with malicious software.
As of writing, Ledger is yet to acknowledge or respond to the attack.
Sushi, RevokeCash, and Zapper, have each said they were affected by the incident.
This is an ongoing story and will updated as events unfold.
Source: https://thedefiant.io/defi-users-urged-not-to-interact-with-web3-dapps-amid-major-exploit