Hacking SushiSwap, RevokeCash, etc | Bitcointalksearch.org

wallet4bitcoin

sr. member

Activity: 896

Merit: 279

Quote from: Xal0lex on December 14, 2023, 09:27:56 AM

@Altcoin_Alerts posted a warning about hacking popular decentralized apps. It is highly recommended not to connect your MetaMask and similar wallets to these applications at the moment.

Quote from: https://t.me/Altcoin_Alerts/8252

ALERT: Couple of popular dapps including Sushi, Zapper, Revoke Cash & more affected a attacker injected a wallet draining payload into the popular NPM package !

Also, SushiSwap's CTO Matthew Lilley tweeted (X) that:

Quote from: https://twitter.com/MatthewLilley/status/1735275960662921638

Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.

The crypto space has been bedeveled with loads of hack in recent times, barely a year goes by without the incident of hack, vulnerabilities and exploitations. Not to even talk about the intentional honeypot, farming and exit liquidity scams. It leaves me with a question, when will we get to llimit these incidents from occurring cos it is dampening the faith of those who are mini-players and also scaring the those who are intending to adopt the technology in one way or the other.

libert19

hero member

Activity: 2464

Merit: 934

This incident was funny, people went to Revoke cash to secure themselves in case they were hacked, and doing so actually got them hacked. Good thing that dev took site offline as soon as he became aware of it, it saved many.

Quote from: vv181 on December 15, 2023, 07:05:20 AM

This incident also shows what lacking in the altcoin/token spaces, specifically, things that mentioned themselves as "decentralized platform". A truly decentralized platform should not rely on single and centralized library CDNs. On another hand, this proves that security measure is lacking among many applications.

Even decentralized blockchains like ethereum are not really decentralized as most of nodes are hosted on centralized cloud providers [1].

[1] https://cointelegraph.com/news/vitalik-buterin-ethereum-centralization-issues-running-nodes-easier

vv181

legendary

Activity: 1932

Merit: 1273

These are horrible large-scale attacks. The perpetrator knows that a particular Ledger library is being used widely across many sites, so I believe this is a carefully planned and executed attack.

This incident also shows what lacking in the altcoin/token spaces, specifically, things that mentioned themselves as "decentralized platform". A truly decentralized platform should not rely on single and centralized library CDNs. On another hand, this proves that security measure is lacking among many applications.

Quote from: cheezcarls on December 14, 2023, 11:08:39 AM

As Ledger was being targeted due to its seed phrase and private key vulnerability

The issue and the root of the problem is not that Ledger has any vulnerability related to those things!

cheezcarls

hero member

Activity: 2254

Merit: 658

Revolutionized copy gaming platform

Quote from: Xal0lex on December 14, 2023, 09:27:56 AM

@Altcoin_Alerts posted a warning about hacking popular decentralized apps. It is highly recommended not to connect your MetaMask and similar wallets to these applications at the moment.

Quote from: https://t.me/Altcoin_Alerts/8252

ALERT: Couple of popular dapps including Sushi, Zapper, Revoke Cash & more affected a attacker injected a wallet draining payload into the popular NPM package !

Also, SushiSwap's CTO Matthew Lilley tweeted (X) that:

Quote from: https://twitter.com/MatthewLilley/status/1735275960662921638

Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.

Here’s their new update just now: https://x.com/revokecash/status/1735308527814537525?s=61&t=6PFitUK4YQvupu3PxlJoIg

Good thing that I did not touch my Ledger for a long while. I’ve also disconnect my Metamask from all websites just for assurance despite that it’s just a burner airdrop wallet. So my funds are SAFU.

These hackers are getting intelligent day by day and they are smart enough to target one thing that connect all of the dots which is the Web3 wallet connector itself that was being integrated by most Dapps.

For now, I am stopping all of my DeFi activities until everything is alright as they said about not interacting for a day.

As Ledger was being targeted due to its seed phrase and private key vulnerability, I am thinking of transferring them to a different hardware wallet like Tangem which has RFC cards that acts as our own main feature for security and recovery and approving of transactions.

Xal0lex

staff

Activity: 2436

Merit: 2347

@Altcoin_Alerts posted a warning about hacking popular decentralized apps. It is highly recommended not to connect your MetaMask and similar wallets to these applications at the moment.

Quote from: https://t.me/Altcoin_Alerts/8252

ALERT: Couple of popular dapps including Sushi, Zapper, Revoke Cash & more affected a attacker injected a wallet draining payload into the popular NPM package !

Also, SushiSwap's CTO Matthew Lilley tweeted (X) that:

Quote from: https://twitter.com/MatthewLilley/status/1735275960662921638

Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.

Topic: Hacking SushiSwap, RevokeCash, etc (Read 114 times)