A <a href="https://en.wikipedia.org/wiki/Supply_chain_attack" target="_blank">supply chain attack</a> on the Ledger connector application has rippled throughout the world of <button class="define-target" id="dapp">decentralized apps</button>, which widely use the software to enable people to connect their popular Ledger <button class="define-target" id="hardware-wallet">hardware wallets</button> to perform transactions. Although hardware wallets are meant to be among the most secure ways to store crypto, they too are vulnerable to attacks when they are connected to perform transactions.<p>A hacker was able to obtain access to Ledger's source code management tool and push out a new release that contained code that would drain wallets as users connect them. Because the library is so widely used, many crypto applications were vulnerable — including Revoke.cash, a security-focused project intended to help people guard against attacks on their wallets.</p><p>CTO of the Sushi crypto project issued a broad warning: "Do not interact with ANY dApps until further notice." At least $600,000 has been drained from multiple users so far.</p>

Archived tweet

Tweet by Matthew Lilley: