Trader Joe has swiftly addressed a vulnerability in its analytics plugin, advising users to revoke access to a suspicious contract and restore safety.
The popular decentralized exchange (DEX) Trader Joe, on Nov. 17 announced a security breach in its frontend interface.
The breach, identified in a third-party analytics plugin, potentially put numerous users at risk, leading to immediate action by the platform’s team.
🚨 Important Security Alert
We have been alerted to a possible vulnerability in our frontend interface. Our team is conducting an immediate and thorough investigation.
We strongly advise all users to refrain from trading and from executing any transactions on the Trader Joe…
— LFJ (prev. Trader Joe) (@LFJ_gg) November 17, 2023
Breach Detection And Immediate Response
According to the Trader Joe team, they discovered the vulnerability during a routine check, which revealed compromised JavaScript code in a third-party analytics tool.
🚨 Update
Our team's preliminary analysis identified a potential exploit in a 3rd party analytics plugin hacked JavaScript code used by our frontend.
We've taken immediate action on this finding and the code has been removed, and our host remains secure with no other… https://t.co/hJBRyOF5gW
— LFJ (prev. Trader Joe) (@LFJ_gg) November 18, 2023
The breach reportedly occurred at approximately 18:34 GMT, affecting all chains, including Avalanche (AVAX), Arbitrum (ARB), and Ethereum (ETH).
However, the team swiftly removed the malicious code and temporarily shut down the frontend to prevent further risks.
The incident led to some users’ transactions being rerouted to an unknown contract, specifically identified as “0xd8ea07f43bc5045ec49ab52a3da2d0bf533581bf”. It prompted an urgent advisory for users who had interacted with the DEX after the breach to revoke any access given to this contract.
Steps For Users To Safeguard Assets
In response to the breach, Trader Joe advised its users to check and revoke approvals of the malicious contract.
The DEX directed users to use various tools, including token approval checkers on SnowTrace, Arbiscan, and BSCScan, as well as the Rabby Wallet’s Approval Centre and revoke.cash.
🚨 Important Security Alert
We have been alerted to a possible vulnerability in our frontend interface. Our team is conducting an immediate and thorough investigation.
We strongly advise all users to refrain from trading and from executing any transactions on the Trader Joe…
— LFJ (prev. Trader Joe) (@LFJ_gg) November 17, 2023
Users could also search for the affected contract address and revoke its access by entering their wallet addresses or connecting their wallets to the suggested services.
Moreover, the DEX emphasized the importance of confirming contract addresses during transactions, directing users to their developer documents for verified and safe contract addresses.
Read Also: Unidentified Hackers Steal Sensitive Data From Bankrupt Bitcoin ATM Coin Cloud
Additionally, the Trader Joe Discord channel was made available for guided support, although with an advisory on potential delays in response.
Current Status And Moving Forward
Following thorough investigation and remediation measures, Trader Joe has restored its frontend, assuring users that it is safe for all activities, including trading, liquidity, staking, and lending.
🚨 Further Update: Frontend Restored 👍
Following investigation and removal of the vulnerable 3rd party analytics code, the frontend has now been restored and it is marked safe to use for all activities such as trading, liquidity, staking, lending and more.
There are no other… https://t.co/bjkeog756u pic.twitter.com/MzLiFdG9bH
— LFJ (prev. Trader Joe) (@LFJ_gg) November 18, 2023
The DEX reassured users that there are no other third-party integrations or solutions in use, aiming to prevent similar vulnerabilities in the future.
The breach is the latest incident to affect Trader Joe. In October, the DEX was slapped with a lawsuit by a similarly named grocery retailer alleging trademark infringement and brand dilution.
The lawsuit targeted the platform as well as its founder Cheng Chieh Liu for deliberately fashioning the DEX to evoke the popular Trader Joe’s brand, an American grocery chain with 560 stores across the United States.
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.