• Root
  • Security and Scams
  • Ledger Hardware Wallet Announces Critical Security Vulnerability, Urges Users To Pause Interacting With DApps

Ledger Hardware Wallet Announces Critical Security Vulnerability, Urges Users To Pause Interacting With DApps

Do repost and rate:

Crypto firm LEDGER is warning users about a crucial exploit, urging them to pause their hardware wallet interactions with decentralized applications (DApps).

In a new thread on the social media platform X, Ledger that it has found, identified, and replaced a malicious version of its connect kit, a piece of code used to connect hardware wallets to DApps.

“We have identified and removed a malicious version of the Ledger Connect Kit. A genuine version is being pushed to replace the malicious file now. Do not interact with any DApps for the moment. We will keep you informed as the situation evolves. Your Ledger device and Ledger Live were not compromised.”

According to Ledger, the exploit was discovered when a former employee fell victim to a phishing scam and lost access to his NPMJS account, a website used by developers to create code and applications.

The bad actor then uploaded a malicious version of Ledger’s connect kit that would reroute funds from users to the hacker’s wallet. However, Ledger was able to fix this issue about five hours after it went live.

Ledger then reported the exploiter’s address, prompting stablecoin issuer Tether () to freeze the bad actor’s stash of USDT.

“This morning CET, a former Ledger Employee fell victim to a phishing attack that gained access to their NPMJS account. The attacker published a malicious version of the Ledger Connect Kit. The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet.

Ledger’s technology and security teams were alerted and a fix was deployed within 40 minutes of Ledger becoming aware. The malicious file was live for around five hours, however, we believe the window where funds were drained was limited to a period of less than two hours…

The genuine and verified Ledger Connect Kit version 1.1.8 is now propagating and is safe to use. Ledger, along with Walletconnect and our partners, have reported the bad actor’s wallet address. The address is now visible on Chainalysis. Tether has frozen the bad actor’s USDT.”

According to blockchain tracking platform Lookonchain, the hacker managed to steal about $484,000 worth of digital assets from Ledger.

 https://dailyhodl.com

Regulation and Society adoption

Ждем новостей

Нет новых страниц

Следующая новость

All content provided by the site, hyperlinks, related applications, forums, blogs, social networks and other information is taken from third-party sources and is intended for reference only. We make no warranties with respect to our content, including but not limited to accuracy and timeliness. No part of the content we provide is financial advice, legal advice or any other form of advice intended for any of your personal purpose. Any use of our content is entirely at your own risk. You should conduct your own research, review, analysis and verification of our content before relying on them. Trading is a very risky activity that can lead to large losses, so consult your financial Advisor before making any decision. No content on our site is a public offer or invitation to action.

This resource may contain 18+materials

© 2016-2024