Hacking SushiSwap, RevokeCash, etc

[Xal0lex]

@Altcoin_Alerts posted a warning about hacking popular decentralized apps. It is highly recommended not to connect your MetaMask and similar wallets to these applications at the moment.

ALERT: Couple of popular dapps including Sushi, Zapper, Revoke Cash & more affected a attacker injected a wallet draining payload into the popular NPM package !

Also, SushiSwap's CTO Matthew Lilley tweeted (X) that:

Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.

[cheezcarls]

@Altcoin_Alerts posted a warning about hacking popular decentralized apps. It is highly recommended not to connect your MetaMask and similar wallets to these applications at the moment.

ALERT: Couple of popular dapps including Sushi, Zapper, Revoke Cash & more affected a attacker injected a wallet draining payload into the popular NPM package !

Also, SushiSwap's CTO Matthew Lilley tweeted (X) that:

Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.

Here’s their new update just now: https://x.com/revokecash/status/1735308527814537525?s=61&t=6PFitUK4YQvupu3PxlJoIg

Good thing that I did not touch my Ledger for a long while. I’ve also disconnect my Metamask from all websites just for assurance despite that it’s just a burner airdrop wallet. So my funds are SAFU.

These hackers are getting intelligent day by day and they are smart enough to target one thing that connect all of the dots which is the Web3 wallet connector itself that was being integrated by most Dapps.

For now, I am stopping all of my DeFi activities until everything is alright as they said about not interacting for a day.

As Ledger was being targeted due to its seed phrase and private key vulnerability, I am thinking of transferring them to a different hardware wallet like Tangem which has RFC cards that acts as our own main feature for security and recovery and approving of transactions.

[vv181]

These are horrible large-scale attacks. The perpetrator knows that a particular Ledger library is being used widely across many sites, so I believe this is a carefully planned and executed attack.

This incident also shows what lacking in the altcoin/token spaces, specifically, things that mentioned themselves as "decentralized platform". A truly decentralized platform should not rely on single and centralized library CDNs. On another hand, this proves that security measure is lacking among many applications.

As Ledger was being targeted due to its seed phrase and private key vulnerability

The issue and the root of the problem is not that Ledger has any vulnerability related to those things!

[libert19]

This incident was funny, people went to Revoke cash to secure themselves in case they were hacked, and doing so actually got them hacked. Good thing that dev took site offline as soon as he became aware of it, it saved many.

This incident also shows what lacking in the altcoin/token spaces, specifically, things that mentioned themselves as "decentralized platform". A truly decentralized platform should not rely on single and centralized library CDNs. On another hand, this proves that security measure is lacking among many applications.

Even decentralized blockchains like ethereum are not really decentralized as most of nodes are hosted on centralized cloud providers [1].


[1] https://cointelegraph.com/news/vitalik-buterin-ethereum-centralization-issues-running-nodes-easier

[wallet4bitcoin]

@Altcoin_Alerts posted a warning about hacking popular decentralized apps. It is highly recommended not to connect your MetaMask and similar wallets to these applications at the moment.

ALERT: Couple of popular dapps including Sushi, Zapper, Revoke Cash & more affected a attacker injected a wallet draining payload into the popular NPM package !

Also, SushiSwap's CTO Matthew Lilley tweeted (X) that:

Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.

The crypto space has been bedeveled with loads of hack in recent times, barely a year goes by without the incident of hack, vulnerabilities and exploitations. Not to even talk about the intentional honeypot, farming and exit liquidity scams.  It leaves me with a question, when will we get to llimit these incidents from occurring cos it is dampening the faith of those who are mini-players and also scaring the those who are intending to adopt the technology in one way or the other.