Hackers attacked DApps using Ledger Connect tool code vulnerability
The company said it has already removed the malicious version of the tool
14.12.2023 - 14:16
What’s new? Hardware wallet maker Ledger said it has removed a malicious version of the Ledger Connect kit, a tool that allows developers to connect their decentralized applications to the company’s physical devices. Earlier, an anonymous blockchain analyst under the nickname banteg reported that the tool’s library had been compromised and replaced with malicious code to empty users’ wallets, prompting him to recommend against interacting with apps using Ledger Connect. He later confirmed that the company had updated the code and fixed the vulnerability.
What else is known? Due to the incident, decentralized exchanges (DEXs) SushiSwap and KyberSwap have temporarily disabled their user interfaces to avoid losing funds. At the time of writing, KyberSwap has restored the interface, assuring that it was not affected by the Ledger Connect exploit. At the same time, the exchange’s team urged users to be cautious when connecting their wallets to decentralized applications, attaching a screenshot of the malicious interface.
For its part, SushiSwap is still working on removing the Ledger Connect tool. The developers warned that the wallet connection window that pops up when visiting the exchange’s website is malicious. Experts at blockchain audit firm PeckShield said the exchange’s interface has been compromised.
The Curve Finance DeFi protocol team has also removed Ledger from the list of wallets available for connection.
Stani Kulechov, the founder of the DeFi protocol Aave, assured that his project was not affected by the exploit and that all funds are safe.
So far, the exact amount of damage is unknown.