News

Ledger Connect Kit Exploit Still Under Active Investigation

Key Points:
  • Ledger faced a brief security breach on December 14th through its Connect Kit, affecting third-party DApps.
  • The wallet issuer swiftly addressed the Ledger Connect Kit exploit, freezing stolen funds, filing a complaint, and deactivating malicious code within two hours.
  • It plans to enhance security measures, connecting its build pipeline to NPM for continuous improvement in cybersecurity.
In a public letter, Pascal Gauthier, Chairman and CEO of Ledger, addressed a recent security breach involving the Ledger Connect Kit exploit, a Javascript library linking websites to wallets.

Ledger’s Swift Response to Ledger Connect Kit Exploit

On December 14, hackers exploited the kit, prompting Ledger to swiftly eliminate the vulnerability with its partners. The breach was limited to third-party dApps using the Ledger Connect Kit and is currently under investigation.

Ledger, known for stringent security practices, emphasized that the incident was an isolated case. The company, which filed a complaint, has frozen stolen funds and pledged assistance to affected users in recovering their assets. Ledger is actively cooperating with law enforcement to track and apprehend the perpetrators.

Ledger Takes Proactive Measures After Recent Security Incident

To enhance security measures, Ledger plans to implement stricter controls in its build pipeline, connecting it to the NPM distribution channel. The company emphasized the dynamic nature of security and the need for continuous improvement.

The letter revealed that the Ledger Connect Kit exploit resulted from a former employee falling victim to a phishing attack, allowing the malicious code to run for less than two hours. Ledger promptly released Connect Kit version 1.1.8, deactivating the malicious code in Ledger and WalletConnect. While users are now safe, Ledger recommends waiting 24 hours and clearing the browser cache as a precautionary measure.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

Best Altcoins to Buy Today: Qubetics Rides 1000x Potential to Hit $2.6M, Ethereum Stays Rangebound, Tron USDT Transactions Hit $52B

Discover the best cryptos to buy and hold today: Qubetics leads with 1000x potential, Ethereum…

1 hour ago

Trump Media Company Is Pushing New Venture For Crypto Service

With the platform facing a cracked whip, Trump Media company is expanding into new business…

2 hours ago

Crypto Advisory Council Now A White House Position Attracting Leaders

Major crypto firms, including Ripple, Kraken, and Circle, are competing for spots on President-elect Donald…

2 hours ago

Analyst Sounds Major Breakout Alert Amid Shiba Inu, WallitIQ, And Dogecoin Price Recoveries

Analysts highlight a breakout alert as Shiba Inu (SHIB), and Dogecoin show signs of recovery…

3 hours ago

SEC Chair Gary Gensler Will Lose Power From January 20

SEC Chair Gary Gensler will step down on January 20, 2025, coinciding with President-elect Donald…

3 hours ago

MicroStrategy Convertible Notes Now Out of Stock With $3B Raised

The MicroStrategy convertible notes offering, initially set at $1.75 billion, was increased to $2.6 billion…

3 hours ago

This website uses cookies.