BREAKING: Sushi DeFi Security Breach: CTO Sounds Alarm, SUSHI Price Drops 4%

In a significant blow to the decentralized finance (DeFi) sector, the Sushi DeFi protocol has fallen victim to its second exploit this year.

The protocol’s Chief Technology Officer (CTO), Matthew Lilley, has issued a stark warning to users, advising them to refrain from using any decentralized applications (dApps) until further notice.

Sushi And Zapper Frontends Compromised

The latest breach has prompted concerns about the security and integrity of the Sushi DeFi protocol and other associated dApps. According to Lilley, a widely-used web3 connector has been compromised, allowing malicious code injection that affects numerous dApps. 

Specifically, dApps that use the LedgerHQ/connect-kit, a dApp that allows users to connect other dApps to their Ledger hardware wallets, are considered vulnerable. Notably, Lilley’s warning underscores the severity of the situation, emphasizing that this is not an isolated attack, but a large-scale assault targeting multiple dApps.

Further investigation by security experts has revealed a potential supply chain attack on the Ledger Connect Kit. The attacker allegedly injected a wallet-draining payload into the popular Node Package Manager (NPM), impacting several prominent dApps, including Hey and others.

Additionally, it has been discovered that the Zapper and Sushi frontends have been hijacked, exacerbating the scope of the breach.

Slowmist, a module of Ledger, further confirmed that their system was hijacked and tampered with during the supply chain attack. This compromised the integrity of the ledgerhq/connect-kit library, which is relied upon by many dApps. 

As a result, users are urged to exercise caution when conducting any dApp-related operations and to scrutinize requests for wallet information that may appear unexpected.

Malicious Connect Kit Neutralized? 

In an official statement, Ledger has confirmed the identification and removal of a malicious version of the Ledger Connect Kit. The company assures users that their Ledger devices and Ledger Live remain uncompromised. 

The company stated that a genuine version of the Connect Kit is currently being pushed to replace the malicious file. Ledger advises users to refrain from interacting with any dApps at the moment for their safety. 

The company pledges to provide updates as the situation develops, ensuring users stay informed about the ongoing efforts to address the security breach.

SUSHI’s Uptrend Threatened By Exploit Fallout

In light of recent events affecting the Sushi DeFi protocol, its native token, SUSHI, has experienced a decline of over 4% within the past hour, reaching a low of $1.590. 

Before the exploit, SUSHI had been exhibiting a notable uptrend structure on its 1-day chart, marked by higher highs and higher lows. However, with the loss of its crucial support level at $1.961, there is a potential invalidation of the previously established uptrend. 

The uncertainty surrounding the protocol’s native token raises the possibility of further downside in SUSHI’s price action. If a sustained downtrend continues, the next significant support level for SUSHI is located at $1.084. 

Here’s Why SUSHI Is Down More Than 10% In The Last 24 Hours

Over the last day, the price of SUSHI, the native cryptocurrency of the SushiSwap ecosystem, has been on the decline. However, this was not just a normal market decline: it was tied to rumors circulating about the past conduct of its new ‘Head Chef’, Jared Grey, and inappropriate sexual conduct with a… horse.

Accused Of Running Scams

A little over a week ago, the SushiSwap decentralized finance (DeFi) protocol appointed Jared Grey as its new head chef. All was fine for a while until the rumors started to emerge. In a thread, a Twitter user called out Grey over some of his previous projects.

The thread alleged that Grey had orchestrated various scams in the space under his company called “Multiplex PC” and had stolen crypto from investors. The account known as YannickCrypto pointed out that Grey had previously been the CEO of ALQO, which had been used to steal user funds. Apparently, the ALQO team had launched a web wallet which had then been used to steal a large supply of ALQO from investors.

The accusations did not end there because Yannick alleges that Grey had taken the scam further. Apparently, ALQO had subsequently been moved to the Ethereum blockchain and then renamed to EONS to make it impossible to trace back to ALQO.

Another scam Grey is accused of involves a crypto exchange, Bitfineon, that was promoted but never went live. The Twitter user explained that Grey had charged coin founders a 1 BTC listing fee for Bitfineon and stole about 20 BTC from founders this way.

Then there were the less unsavory rumors that Jared Grey had been involved in inappropriate sexual conduct with a horse. In true crypto fashion, this last rumor garnered the most interest and has since caused the price of SUSHI to dump.

SUSHI price falls 10% in 24 hours | Source: SUSHIUSD on TradingView.com

SUSHI Takes The Heat

Since the thread and the rumors began circulating, the price of SUSHI has taken a big hit in the market. The price had declined by more than 10% once the rumors were in full bloom, pushing the price of the digital asset down to $1.2 at this time.

SushiSwap Head Chef Jared Grey had then taken to Twitter to dismiss the rumors which he referred to as “baseless accusations.” He denied ever stealing funds from investors and instead said that his business partner had been the one who had actually stolen the funds. 

“I have always operated with integrity in this space; you can reach out to anyone I’ve worked with directly over the years,” said Grey. “I’ve had business failures, which CT likes to scrutinize, and I’m OK with that because it comes with the territory.”
