Decentralized finance (DeFi) protocol Sushi has reportedly been hit by a front-end exploit, the company’s CTO warned about an industry-wide exploit related to a “commonly used" Web3 connector.
“Do not interact with ANY dApps until further notice,” Sushi CTO Matthew Lilley wrote on X. “It appears that a commonly used web3 connector has been compromised, which allows for injection of malicious code affecting numerous dApps.”
A front-end exploit involves hackers altering the user interface (UI) of a website or application. Hackers can then alter functions to divert capital to themselves. A front-end exploit does not gain access to a protocol’s hot wallets.
Lilley added that the suspicious code stems from hardware wallet provider Ledger’s GitHub page. One X user pointed out that Ledger’s library had been compromised and replaced with a token drainer.
Issues have also been reported across other DeFi websites, including Zapper and RevokeCash.
