On December 14, hackers exploited the kit, prompting Ledger to swiftly eliminate the vulnerability with its partners. The breach was limited to third-party dApps using the Ledger Connect Kit and is currently under investigation.
Ledger, known for stringent security practices, emphasized that the incident was an isolated case. The company, which filed a complaint, has frozen stolen funds and pledged assistance to affected users in recovering their assets. Ledger is actively cooperating with law enforcement to track and apprehend the perpetrators.
To enhance security measures, Ledger plans to implement stricter controls in its build pipeline, connecting it to the NPM distribution channel. The company emphasized the dynamic nature of security and the need for continuous improvement.
The letter revealed that the Ledger Connect Kit exploit resulted from a former employee falling victim to a phishing attack, allowing the malicious code to run for less than two hours. Ledger promptly released Connect Kit version 1.1.8, deactivating the malicious code in Ledger and WalletConnect. While users are now safe, Ledger recommends waiting 24 hours and clearing the browser cache as a precautionary measure.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Crypto investors should get their hands on these promising tokens in the coming week
Discover the 50% bonus on BlockDAG coins celebrating their testnet launch success, alongside updates on…
The ETH price continues to suffer downward pressure due to the outflows from the Spot…
BlackRock’s iShares Ethereum ETF (ETHA) has exceeded $1 billion in assets, making it one of…
Canada extends crypto compliance deadline to the end of 2024, giving exchanges more time to…
This article will explore which cryptos are considered securities, and how you can navigate the…
This website uses cookies.