Sushi, a popular decentralized finance (DeFi) protocol, has fallen victim to a front-end exploit related to Ledger’s Connect Kit. This exploit allows hackers to compromise the front end of websites or applications, tricking users into sending money to the exploiters. The incident raises concerns about the security of DeFi protocols and the potential impact on users.
Sushi’s Chief Technology Officer issued a warning about the industry-wide exploit related to Ledger’s Connect Kit. The Connect Kit software is utilized by various DeFi protocols to connect decentralized applications (dApps) to Ledger’s products. Hackers can manipulate the front end of websites or applications, altering what users see, and deceiving them into sending funds.
The specific exploit prompts users to connect their wallets via a pop-up, which triggers a token drainer, causing funds to be siphoned away. Sushi is not the only platform affected; other DeFi websites, including Zapper and RevokeCash, have also reported similar issues.
Ledger has confirmed that a former employee fell victim to a phishing attack, allowing a hacker to insert malicious code into Ledger’s Connect Kit software. However, Ledger has promptly removed the malicious version and Tether has frozen the hacker’s wallet, mitigating the further spread of the exploit.
Sushi has advised its users to refrain from interacting with any dApps until further notice. This precautionary measure aims to protect users from potential attacks.
In a separate news, a Paris court has acquitted two individuals involved in an attack on the DeFi protocol Platypus, which resulted in the theft of $9 million worth of cryptocurrency. The hackers claimed to have acted as “ethical hackers” and intended to return the stolen funds to the protocol at a later stage. The court dropped charges of money laundering and receiving stolen funds against the hackers. However, Platypus still has the option to pursue charges against the suspects in civil court.
The recent front-end exploit on Sushi and other DeFi protocols, linked to Ledger’s Connect Kit, highlights the vulnerabilities in the ecosystem. The incident raises concerns about the trustworthiness of dApps and emphasizes the need for enhanced security measures in the DeFi space. Users are cautioned against interacting with any dApps.