Fri. Feb 23rd, 2024

Ledger Fixes Critical Bug Affecting Decentralized Apps. Now Is It Safe To Use Ledger Connect Kit

Jakub Motyka By Jakub Motyka Dec 15, 2023 #Ledger
Ledger Connect Kit 1.1.8

✍️ 20 December, 2023 – 15:19 👤 Editor: Jakub Motyka

  • Ledger has just released the update that fixes the vulnerability that affected its Ledger Connect Kit yesterday.
  • The attack allowed hackers to insert malicious code that could affect any dApp user in the crypto ecosystem.
  • The latest news about cryptos on our Telegram channel.

The recent security flaw in the Ledger Connect Kit library that put it in check to numerous decentralized applications (dApps), causing alarm among users and developers, it has now been corrected. This has been confirmed by Ledger through its social networks when announcing the distribution of the Ledger Connect Kit 1.1.8 update:

It has been learned that this failure originated after a phishing attack on a Ledger employee, which led to the leak of his access to NPM (Node Package Manager), a platform for managing software packages in Node.js. The attacker exploited this vulnerability to publish malicious versions of Ledger Connect Kit (versions 1.1.4, 1.1.5 and 1.1.6) and a corrupt version of Wallet Connect, aimed at redirecting to a wallet controlled by the attacker the funds of users who interacted with these tools in dApps and DeFi​​.

What Was About The Security Attack On Ledger That Affected dApps

The vulnerability allowed the insertion of malicious code into the frontend of a dApp, making it possible for users to interact with altered interfaces without realizing it. Ledger, known for its hardware wallets, claimed to have solved the security breach in less than 40 minutes, although the vulnerability was active for a period of around 5 hours.

The company is in communication with affected customers and is working proactively to assist them, in addition to collaborating with law enforcement authorities to identify the attacker. Ledger has encouraged developers to check if they are using the most recent version of its library (v. 1.1.8) and take additional security measures, such as checking the cache for altered code​​.

More crypto news:

Follow me
Fundador at Criptokio.com
Jakub Motyka is an editor and cryptocurrency expert with an outstanding professional profile in the field of digital finance and blockchain technology. His career includes extensive experience writing and editing content related to the world of cryptocurrencies, covering a wide range of topics from technical and market analysis to technological developments and emerging trends in the industry.
Jakub Motyka
Follow me
Jakub Motyka

By Jakub Motyka

Jakub Motyka is an editor and cryptocurrency expert with an outstanding professional profile in the field of digital finance and blockchain technology. His career includes extensive experience writing and editing content related to the world of cryptocurrencies, covering a wide range of topics from technical and market analysis to technological developments and emerging trends in the industry.

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *