Ledger Fixes Critical Bug Affecting Decentralized Apps. Now Is It Safe To Use Ledger Connect Kit

Jakub Motyka

Jakub Motyka

5 months ago · Updated 5 months ago

Ledger Connect Kit 1.1.8

✍️ 20 December, 2023 - 15:19 👤 Editor: Jakub Motyka

  • Ledger has just released the update that fixes the vulnerability that affected its Ledger Connect Kit yesterday.
  • The attack allowed hackers to insert malicious code that could affect any dApp user in the crypto ecosystem.
  • The latest news about cryptos on our Telegram channel.

The recent security flaw in the Ledger Connect Kit library that put it in check to numerous decentralized applications (dApps), causing alarm among users and developers, it has now been corrected. This has been confirmed by Ledger through its social networks when announcing the distribution of the Ledger Connect Kit 1.1.8 update:


It has been learned that this failure originated after a phishing attack on a Ledger employee, which led to the leak of his access to NPM (Node Package Manager), a platform for managing software packages in Node.js. The attacker exploited this vulnerability to publish malicious versions of Ledger Connect Kit (versions 1.1.4, 1.1.5 and 1.1.6) and a corrupt version of Wallet Connect, aimed at redirecting to a wallet controlled by the attacker the funds of users who interacted with these tools in dApps and DeFi​​.



Suscríbete GRATIS y recibe EL MANUAL CRIPTO 2024 sin coste







What Was About The Security Attack On Ledger That Affected dApps

The vulnerability allowed the insertion of malicious code into the frontend of a dApp, making it possible for users to interact with altered interfaces without realizing it. Ledger, known for its hardware wallets, claimed to have solved the security breach in less than 40 minutes, although the vulnerability was active for a period of around 5 hours.

The company is in communication with affected customers and is working proactively to assist them, in addition to collaborating with law enforcement authorities to identify the attacker. Ledger has encouraged developers to check if they are using the most recent version of its library (v. 1.1.8) and take additional security measures, such as checking the cache for altered code​​.

More crypto news:

🎁 Nuestro partner te regala 15€ por comprar criptomonedas:

Leave a Reply

Your email address will not be published. Required fields are marked *

Go up

Tags

Aave (AAVE) Ankr (ANKR) Arbitrum (ARB) Bankruptcy Binance Bitcoin (BTC) Bitcoin ETF Bone ShibaSwap (BONE) Bonk (BONK) Burn Cardano (ADA) Coinbase Curve DAO Token (CRV) Dogecoin (DOGE) Ethereum (ETH) FTX Games Hackers Huobi Huobi Token (HT) India Kraken Kucoin Ledger Lido DAO (LDO) Locus Chain (LOCUS) Maker (MKR) Mango Markets (MNGO) MEXC Global Michael Saylor MicroStrategy Monero (XMR) PancakeSwap (CAKE) Phala Network (PHA) Polygon (MATIC) PR Prysmatic Labs Quant Network (QNT) Regulation SEC Shiba Inu (SHIB) Solana (SOL) Terra Classic (LUNC) Tornado Cash (TORN) Uniswap (UNI)

About Us

Criptokio.com is a website about Bitcoin, altcoins, blockchain and the crypto world in general founded in 2021. Find the latest news about cryptocurrencies, the best tutorials and, if you want to know us better, take a look at our About us page.

Disclaimer

The content is for informational purposes only and may include the author's personal opinion, and does not necessarily reflect the opinion of Criptokio.com. All financial investments, including crypto, carry significant risk, so always do your complete research before investing. Never invest money you cannot afford to lose; the author or the publication does not hold any responsibility for your financial loss or gains.

Follow us

Follow us on Google News