Hackers Steal $484K After Compromising Ledger's Connect Kit Code Used by Major DeFi Apps
• Hackers exploit Ledger's Connect Kit code, stealing $484K from DeFi protocols using the software • Malicious code inserted into GitHub library impacts front-ends of Sushi, Lido, MetaMask, Coinbase, etc. • Attack targeted a Ledger employee via phishing, enabling hacker to publish malicious Connect Kit version • Users warned not to use dApps until protocols manually update; revoke.cash specifically still affected • Highlights fragility of decentralized apps, with multiple points of failure across connected codebases