The Block18 minutes ago

Published on December 14, 2023 13:31 GMT+00:00edited on December 14, 2023 13:39 GMT+00:00

A critical web3 security vulnerability emerged today, reportedly affecting several decentralized applications. The issue is related to a software library from the crypto hardware wallet provider Ledger, the “LedgerHQ” library, that dapps rely on for use with the crypto wallet service. This vulnerability could potentially allow malicious code to be injected into numerous dapps on their front-ends — posing a significant risk to users and their assets.

Consequently, front ends to dapps such as SushiSwap, Kyber, RevokeCash and Zapper could be vulnerable if used. Both Kyber and RevokeCash confirmed on X that they disabled their front-ends. 

According to reports, the library code was replaced with malicious software created by hackers and designed to drain assets. 

Security firm …