Ledger Fixes Critical Bug Affecting Decentralized Apps. Now Is It Safe To Use Ledger Connect Kit
✍️ 20 December, 2023 - 15:19 👤 Editor: Jakub Motyka
- Ledger has just released the update that fixes the vulnerability that affected its Ledger Connect Kit yesterday.
- The attack allowed hackers to insert malicious code that could affect any dApp user in the crypto ecosystem.
- The latest news about cryptos on our Telegram channel.
The recent security flaw in the Ledger Connect Kit library that put it in check to numerous decentralized applications (dApps), causing alarm among users and developers, it has now been corrected. This has been confirmed by Ledger through its social networks when announcing the distribution of the Ledger Connect Kit 1.1.8 update:
It has been learned that this failure originated after a phishing attack on a Ledger employee, which led to the leak of his access to NPM (Node Package Manager), a platform for managing software packages in Node.js. The attacker exploited this vulnerability to publish malicious versions of Ledger Connect Kit (versions 1.1.4, 1.1.5 and 1.1.6) and a corrupt version of Wallet Connect, aimed at redirecting to a wallet controlled by the attacker the funds of users who interacted with these tools in dApps and DeFi.
What Was About The Security Attack On Ledger That Affected dApps
The vulnerability allowed the insertion of malicious code into the frontend of a dApp, making it possible for users to interact with altered interfaces without realizing it. Ledger, known for its hardware wallets, claimed to have solved the security breach in less than 40 minutes, although the vulnerability was active for a period of around 5 hours.
The company is in communication with affected customers and is working proactively to assist them, in addition to collaborating with law enforcement authorities to identify the attacker. Ledger has encouraged developers to check if they are using the most recent version of its library (v. 1.1.8) and take additional security measures, such as checking the cache for altered code.
More crypto news:
- SushiSwap Has Been Hacked: Do Not Use The Platform Until Further Notice
- Bitcoin's (BTC) Price Bullish Rebound: Next Target At $44,700. Navigating Resistance to Eye New Yearly Highs
- Vitalik Buterin Unveils Network Manipulation. Ethereum At Crossroads: High Stakes In Gas Fees As Power Concentrates Among Few
Leave a Reply