Hack Ledger Connect: manufacturer calls for no DApps

Following a attack touching sound Connect Kit, Ledger has custody his customers. ” N’interact with no DApp for the moment,” wrote manufacturer from wallets tricolor.

This Thursday early afternoon, several decentralized applications, including Sushiswap and Revoke Cash, reported on X that the Ledger connector connector had been compromised, potentially allowing malicious code to be injected and affecting various DApps.

The principal concerned quickly published a message on the subject, indicating that he had proceeded to remove a malicious version of the Connect Kit. Ledger specified that an “authentic version” was now available.

Please do not interact with any dApp at this time. We will keep you informed as the situation develops. Your Ledger device and Ledger Live have not been compromised,” added the French manufacturer.

🚨We have identified and removed a malicious version of the Ledger Connect Kit. 🚨

A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.

Your Ledger device and…

– Ledger (@Ledger) December 14, 2023

Users’ funds will not be at risk as long as they do not connect their wallet to third-party applications.

“The malicious version of the file was replaced by the authentic version at around 2:35 pm CET. The new genuine version should be propagated shortly. We will provide a full report as soon as it is ready,” Ledger added at the time of publishing this article.

Updated 12/14/2023 at 5:52 pm : Ledger has published a “final message” on the subject:

The authentic version 1.1.8 of the Ledger Connect Kit is now propagating automatically. We recommend that you wait 24 hours before using the Ledger Connect Kit again.”

The crypto unicorn is also went into more detail about the attack, which began with a phishing attack on a former company employee.

According to Lookonchain, the hacker succeeded to steal more than 4,300 ethers, but his address was frozen by the Tether sender.

To keep up with the latest Crypto and Web3 news, visit Coins.fr on TwitterLinkedin, Google, Facebook and Telegram