How the Ledger Connect hacker tricked users into making malicious approvals
According to Cyvers, the attacker caused malicious code to be inserted into multiple app user interfaces, allowing the exploiter to fool users into confirming transactions.
BREAKING: Sushi DeFi Security Breach: CTO Sounds Alarm, SUSHI Price Drops 4%
In a significant blow to the decentralized finance (DeFi) sector, the Sushi DeFi protocol has fallen victim to its second exploit this year.
The protocol’s Chief Technology Officer (CTO), Matthew Lilley, has issued a stark warning to users, advising them to refrain from using any decentralized applications (dApps) until further notice.
Sushi And Zapper Frontends Compromised
The latest breach has prompted concerns about the security and integrity of the Sushi DeFi protocol and other associated dApps. According to Lilley, a widely-used web3 connector has been compromised, allowing malicious code injection that affects numerous dApps.
Specifically, dApps that use the LedgerHQ/connect-kit, a dApp that allows users to connect other dApps to their Ledger hardware wallets, are considered vulnerable. Notably, Lilley’s warning underscores the severity of the situation, emphasizing that this is not an isolated attack, but a large-scale assault targeting multiple dApps.
Further investigation by security experts has revealed a potential supply chain attack on the Ledger Connect Kit. The attacker allegedly injected a wallet-draining payload into the popular Node Package Manager (NPM), impacting several prominent dApps, including Hey and others.
Additionally, it has been discovered that the Zapper and Sushi frontends have been hijacked, exacerbating the scope of the breach.
Slowmist, a module of Ledger, further confirmed that their system was hijacked and tampered with during the supply chain attack. This compromised the integrity of the ledgerhq/connect-kit library, which is relied upon by many dApps.
As a result, users are urged to exercise caution when conducting any dApp-related operations and to scrutinize requests for wallet information that may appear unexpected.
Malicious Connect Kit Neutralized?
In an official statement, Ledger has confirmed the identification and removal of a malicious version of the Ledger Connect Kit. The company assures users that their Ledger devices and Ledger Live remain uncompromised.
The company stated that a genuine version of the Connect Kit is currently being pushed to replace the malicious file. Ledger advises users to refrain from interacting with any dApps at the moment for their safety.
The company pledges to provide updates as the situation develops, ensuring users stay informed about the ongoing efforts to address the security breach.
SUSHI’s Uptrend Threatened By Exploit Fallout
In light of recent events affecting the Sushi DeFi protocol, its native token, SUSHI, has experienced a decline of over 4% within the past hour, reaching a low of $1.590.
Before the exploit, SUSHI had been exhibiting a notable uptrend structure on its 1-day chart, marked by higher highs and higher lows. However, with the loss of its crucial support level at $1.961, there is a potential invalidation of the previously established uptrend.
The uncertainty surrounding the protocol’s native token raises the possibility of further downside in SUSHI’s price action. If a sustained downtrend continues, the next significant support level for SUSHI is located at $1.084.
Multiple DApps using Ledger connector compromised
Multiple decentralized applications using Ledger’s connector library have been compromised, including SushiSwap and Revoke.cash,
Sushi to test Bitcoin swaps and Opyn DeFi protocol founders cave to CFTC pressure: Finance Redefined
Sushi is set to test Bitcoin swaps on 30 different blockchains using the interoperability protocol ZetaChain.
Bitcoin Is Coming to Sushi as DeFi Platform Expands to ZetaChain
The move allows users to access the liquidity of bitcoin on decentralized finance (DeFi) without going through intermediaries like wrappers.
SushiSwap furthers cross-chain functionality with Core integration
SushiSwap brings liquidity pools, cross-chain swaps and its DEX aggregator to the Core blockchain ecosystem.
Tensions Rise Between SushiSwap, Lido Over Return of Exploited Funds
Two decentralized finance projects are butting heads over a governance proposal that could see the recovery of 40 ETH stolen in Sushiswap’s April hack.
SUSHI Down 45%: What’s Driving the Decline?
The price of SUSHI, the native token of SushiSwap, a decentralized exchange, is down 45% from February 2023, when prices peaked at $1.63, the highest level in six months.
SushiSwap Token Redesign
This contraction is despite the successful implementation of a proposal to redesign SUSHI’s tokenomics, making SUSHI, a governance token, more deflationary.
The proposal was first made in December 2022 by Chief Chef Jeremy Grey and was voted on and agreed on by the community early this year.
The proposal passed with a majority vote and will seek to reduce the SUSHI supply over the years. At the same time, it will increase the rewards for liquidity providers while encouraging users to stake SUSHI for longer.
Grey argued that this implementation would promote decentralization while giving the protocol “more equitable governance with sustainable economics.” Eventually, by redesigning SUSHI’s tokenomics, the goal will be to keep annual inflation between 1% and 3%.
The latest data from MoneyPrinter shows that SUSHI’s annual inflation stands at 1.23%, aligning with SushiSwap’s tokenomics redesign. If anything, this inflation rate is lower than Bitcoin, which has an annual issuance rate of 1.82%. SUSHI’s inflation is also lower than Cardano, which has an annual emission of 1.79%.
While analysts expect low inflation to support prices in the long haul, the performance of SUSHI in the first half of 2023 has been dismal. SUSHI is down 45% from 2023 highs and 99% from 2021 peaks when the token changed hands at around $22.
Blame The Winter, Hack, And Regulators
While the markets have recovered, some, including SUSHI, could still be reeling from the effects of the crypto winter.
Last year, Bitcoin, the largest coin by market cap, crashed by over 70% after peaking at over $69,000 in November 2021. The collapse of BTC dragged the altcoin market with it, forcing the more volatile assets even lower, adversely affecting SUSHI.
As an illustration, SUSHI is trending at 2022 lows at around $0.89, retesting a critical multi-month support level.
Prices are also capped as investor confidence took a hit following SushiSwap’s RouterProcessor2 contract exploit in early April 2023. Hackers ended up with $3.3 million. Although the flaw has since been patched, the reputational damage associated with the vulnerability dents investor confidence.
It remains to be seen how SushiSwap will navigate potential new regulations, particularly those from the United States. Some policymakers have taken a negative stance towards cryptocurrency, causing users in the country to hesitate to engage with DeFi protocols due to potential legal consequences.
Decentralized Exchange SushiSwap Rolls Out V3 Liquidity Pool on 13 Chains
The new liquidity pools aim to help users reduce financial risks and increase their profits across networks.
SushiSwap to Propose Tokenomics Changes to Promote Uniswap v3 Adoption
Changes to the protocol’s “Chef” contracts are intended to make it more decentralized and secure.
SushiSwap to Launch Claims Website for Vested SUSHI Tokens
Customers can claim their SUSHI until April 23.
SushiSwap approval bug leads to $3.3 million exploit
Only users who have traded on the decentralized exchange in the last four days are apparently affected.
Sushi Swap CEO Says He No Longer Feels ‘Inspired’ Amid U.S. Regulators’ Crypto Crackdown
Sushi Swap Head Chef Jared Grey fielded questions from his community about an SEC subpoena he received during a Thursday call.
Crypto’s Unfulfilled Dreams Get a Tailwind From U.S. Crackdown on Binance, Coinbase
The crypto revolution was supposed to make finance more decentralized, but much of the industry is centralized. Regulatory pressure could change that.
GoldenTree Moves $5M of SUSHI, Sparking Fear It’s Exiting
Much of the asset manager’s Sushi trove was deposited at Binance in the last 24 hours.
Sushi sets up legal defense fund after SEC subpoenas head chef Jared Grey and DAO itself
The DAO said it would not be commenting on “ongoing legal investigations,” but its existing $100,000 defense fund was apparently not enough.
DeFi protocols unite to promote permissionless Web3 experiences
The collaboration of over 30 DeFi projects came as an effort to counteract the negative sentiments built in 2022 due to numerous CeFi ecosystem crashes.
SushiSwap To Redirect 100% Trading Fees To Treasury
While the DeFi market has continued to mirror the crypto market rally, more innovations have been introduced to the ecosystem. In today’s news, SushiSwap, the sixth-largest decentralized exchange (DEX) by 24-hour trading volume, has passed a proposal to relocate 100% of its trading fees to the SushiSwap treasury for maintenance and expenses.
SushiSwap Introduces New Update
This new update comes after CEO Jared Grey warned that the days of the exchange’s treasury stability are numbered, as it has “only 1.5 years of treasury runway left,” despite having cut annual operating expenses from $9 million to $5 million during the ongoing crypto winter.
According to a governance proposal presented by the developers of the SushiSwap decentralized exchange, which was passed on January 23, the exchange will now redirect trading fees to its treasury to fund the operation and maintenance of the exchange over the next year.
The proposal noted, “Revenue to the treasury will be 50% ETH and 50% USDC, with a projection of ~$6m being earned over the next year if this proposal were to pass.” In another proposal passed the same day, approximately 99.85% of voters voted in favor of “clawing back” 10,936,284 unclaimed SUSHI ($14.8 million) tokens to be rewarded to early liquidity providers during the DEX’s launch in 2020.
SushiSwap Painful Loss And Recovery
Undoubtedly the crypto winter hit most projects in the industry, including DeFi platforms such as SushiSwap. Last December, SushiSwap CEO Jared Grey revealed that the DEX experienced a $30 million loss over the past 12 months on incentives for liquidity providers (LPs).
To counter that loss and initiate recovery, Grey revealed plans to refine SushiSwap’s tokenomics so that LPs are no longer bankrolled with emissions and redesign the complete model of bootstrapping liquidity on the exchange.
The “Kanpai” governance proposal, which aims to relocate trading protocol fees to the treasury, was also referred to by Grey when illustrating the plans to update the SushiSwap exchange.
“Put simply, it (Kanpai) allows the protocol to rebuild its cash reserves to continue to pay competitive wages, pay for critical infrastructure, & to diversify its Treasury with funds collected in the base pairs of assets, like ETH, stablecoins, etc. Kanpai is a temporary solution,” Grey stated.
Speaking of SushiSwap, the protocol’s native token, SUSHI, has been in a rally, following the rest of the DeFi sector.
SUSHI has surged by over 40% in the last 30 days; meanwhile, at the time of writing, SUSHI trades at $1.34, down by 1.4% in the previous 24 hours and with a trading volume of $58.6 million in the same period.
SushiSwap passes 100% fee relocation, 10.9M SUSHI clawback proposals
100% of trading fees on the platform will soon be redirected to the SushiSwap treasury for maintenance and expenses.