Posted on

BREAKING: Sushi DeFi Security Breach: CTO Sounds Alarm, SUSHI Price Drops 4%

In a significant blow to the decentralized finance (DeFi) sector, the Sushi DeFi protocol has fallen victim to its second exploit this year.

The protocol’s Chief Technology Officer (CTO), Matthew Lilley, has issued a stark warning to users, advising them to refrain from using any decentralized applications (dApps) until further notice.

Sushi And Zapper Frontends Compromised

The latest breach has prompted concerns about the security and integrity of the Sushi DeFi protocol and other associated dApps. According to Lilley, a widely-used web3 connector has been compromised, allowing malicious code injection that affects numerous dApps. 

Specifically, dApps that use the LedgerHQ/connect-kit, a dApp that allows users to connect other dApps to their Ledger hardware wallets, are considered vulnerable. Notably, Lilley’s warning underscores the severity of the situation, emphasizing that this is not an isolated attack, but a large-scale assault targeting multiple dApps.

Further investigation by security experts has revealed a potential supply chain attack on the ledger connect kit. The attacker allegedly successfully injected a wallet-draining payload into the popular Node Package Manager (NPM), impacting several prominent dApps, including Hey and others. 

Additionally, it has been discovered that the Zapper and Sushi frontends have been hijacked, exacerbating the scope of the breach.

Slowmist, a module of Ledger, further confirmed that their system was hijacked and tampered with during the supply chain attack. This compromised the integrity of the ledgerhq/connect-kit library, which is relied upon by many dApps. 

As a result, users are urged to exercise caution when conducting any dApp-related operations and to scrutinize requests for wallet information that may appear unexpected.

Malicious Connect Kit Neutralized? 

In an official statement, Ledger has confirmed the identification and removal of a malicious version of the Ledger Connect Kit. The company assures users that their Ledger devices and Ledger Live remain uncompromised. 

The company stated that a genuine version of the Connect Kit is currently being pushed to replace the malicious file. Ledger advises users to refrain from interacting with any dApps at the moment for their safety. 

The company pledges to provide updates as the situation develops, ensuring users stay informed about the ongoing efforts to address the security breach.

SUSHI’s Uptrend Threatened By Exploit Fallout

In light of recent events affecting the Sushi DeFi protocol, its native token, SUSHI, has experienced a decline of over 4% within the past hour, reaching a low of $1.590. 

Sushi

Before the exploit, SUSHI had been exhibiting a notable uptrend structure on its 1-day chart, marked by higher highs and higher lows. However, with the loss of its crucial support level at $1.961, there is a potential invalidation of the previously established uptrend. 

The uncertainty surrounding the protocol’s native token raises the possibility of further downside in SUSHI’s price action. If a sustained downtrend continues, the next significant support level for SUSHI is located at $1.084. 

Featured image from Shutterstock, chart from TradingView.com 

Posted on

What’s Sushiswap cooking? Holders prepare for upside move

Decentralized exchange Sushiswap has not lagged behind Uniswap Labs’ v3 announcement. In an official post, they have introduced new products called BentoBox and Kashi Lending. Now, users of the platform have a new tool to maximize their earnings:

BentoBox is a vault, serving as a decentralized “App Store” where you can deposit assets within to enable other Dapps. We are excited to announce that Kashi is our first Dapp within BentoBox, a margin trading platform powered by its lending protocol, allowing users to create lending token pairs of a wide range of however they perceive could optimize returns.

BentoBox will allow its users to generate profits from flash loans and other strategies that build on the product, according to the release. Kashi will be the instrument that will allow the use of tokens stored in BentoBox:

for lending, borrowing, and most importantly, one-click leverage trading transactions.

This announcement coincides with data shared by analyst Ali Martinez, recording an increase in development activity related to the Sushiswap during the last week. As shown in the image below, development activity has been increasing since the beginning of March until reaching a peak on the 13th of this month.

Simultaneously, the analyst has indicated a distribution chart of SUSHI holders indicates that “insiders may be preparing for a bullish impulse”. In the past two days, addresses holding the SUSHI token have grown by 8.10% from 10,000 to 100,000.

In anticipation of a possible bull-run, 15 new “mid-sized” whales have taken a position in SUSHI, since March 24. As a result, buying pressure on SUSHI has shown a significant increase. These investors seem to be confident that SUSHI’s price will prolong its rally in the coming days.

Sushiswap (SUSHI) outperforms UNI

Over the last day, according to DeFi Pulse data, Sushiswap has had a 0.64% increase in total value locked (TVL) to rank 6th in the top 10 DeFi protocols. In contrast, Uniswap has had a 3.40% growth in the same period.

However, governance token SUSHI has seen higher growth in the last 24 hours with gains of 12.3%. On the weekly chart, losses still stand at 16.6%, but on the monthly chart, gains are at 12.4%.

SUSHI on a bullish trajectory in the 24-hour chart. Source: SUSHIUSDT Tradingview

UNI shows gains of 4.7% on the last day and trades at $28.42. In the short term, SUSHI holders may still face significant resistance. IntoTheBlock’s Global In/Out of the Money metric indicates that around 5,200 directions bought 87 million SUSHI in the high $10 range. These investors could take profit at current levels.

Sushiswap SUSHI
Source: IntoTheBlock