"Do not interact with ANY dApps until further notice," Sushi CTO Matthew Lilley wrote on X. "It appears that a commonly used web3 connector has been compromised, which allows for injection of malicious code affecting numerous dApps."
Lilley added that the suspicious code stems from hardware wallet provider Ledger's GitHub page. One X user pointed out that Ledger's library had been compromised and replaced with a token drainer.
[
add
]
[
|
|
...
]