
Ledger Code Library Falls Victim to a Security Breach That Led to the Drainage of $480,000 - Update

bitcointimescy

The Ledger Code Library has fallen victim to a security breach in which unauthorized access led to the drainage of $480,000. The attacker successfully compromised numerous Web3 decentralized applications (dApps) in the process.

Matthew Lilley, the Chief Technology Officer (CTO) of SushiSwap, a decentralized exchange, issued a cautionary statement to investors. In his communication, Lilley advised investors to refrain from engaging with any decentralized applications (dApps) until further notice. He disclosed that the platform had been compromised due to a security vulnerability arising from faulty software.


Additionally, CTO Lilley pointed out that the questionable code had its origins in the GitHub page of Ledger, a hardware wallet provider.


“Do not interact with ANY dApp until further notice. A widely used web3 connector appears to have been compromised, allowing injection of malicious code affecting a large number of dApps.”

Yesterday, the security of a code library maintained by Ledger, a prominent crypto wallet provider, was compromised, posing a risk to user funds for a period exceeding five hours. According to etherscan.io, the compromised address contained approximately 66 ETH across 75 tokens, valued at about $98,000. Lookonchain reported that the attacker successfully drained assets amounting to $484,000. Notably, the USDT issuer Tether blacklisted the attacker's address.


Ledger, recognized as the largest hardware wallet provider in terms of user base, communicated on X that a secure version of its Ledger Connect Kit is undergoing automatic propagation. The company advises users to wait for 24 hours before resuming interaction with the connector.


The assailant compromised Ledger's Connect Kit, a widely-used code library facilitating interactions between user wallets and decentralized applications (dApps), through a "supply-chain attack," introducing malicious software into the system.


TODAY'S UPDATES:


In its latest update on X, @Ledger said:


“The genuine Ledger Connect Kit 1.1.8 is now fully propagated. Ledger and WalletConnect can confirm that the malicious code was deactivated. You are now safe to use your Ledger Connect Kit. Reminder that we always encourage clear signing.”

Right after this post, @Artchick.eth replied to the update on X, and Ledger answered:

“The malicious code has been deactivated from both Ledger and @WalletConnect - dApps are safe to use now. However, as a general opsec recommendation, we recommend to wait 24 hours, and clear browser cache.”

Lastly, Ledger CEO Pascal Gauthier went on to call the hack “an unfortunate isolated incident.” He promised that, moving forward:


“Ledger will implement stronger security controls, connecting our build pipeline that implements strict software supply chain security to the NPM distribution channel.”



Photo by Max Saeling on Unsplash


*Disclaimer: The opinion presented here should not be interpreted as investment advice; rather, it is intended solely for informational purposes. It may not necessarily align with the perspective of Bitcoin Times Cy. Given that all investments and trading carry inherent risks, it is advisable to conduct your own research before reaching decisions. We advise against investing funds that you cannot afford to lose.

You should refrain from making any decision, whether financial, investment, trading, or otherwise, solely relying on the information provided on this website. It is crucial to conduct your own thorough research and seek guidance from a qualified broker or financial advisor.

Bitcoin Times Cy cannot be held accountable for any inaccuracies, omissions, or errors on this website. Moreover, Bitcoin Times Cy cannot assume responsibility for any trading or investment losses experienced by visitors to the site, even if such losses arise due to errors.

You understand that you are using any and all Information available on or through this website at your own risk.

© Copyright 2023 All rights Reserved | Bitcoin Times Cy
