Follow us on telegram

News

Magazine

Currencies

AML

For users

Ledger CEO announces that the Ledger Connect Kit library vulnerability for DApps has been resolved

Analysts estimate the damage from the exploit at $610 000

Ledger CEO announces that the Ledger Connect Kit library vulnerability for DApps has been resolved

15.12.2023 - 07:49

318

2 min

What’s new? On December 14, an exploit was carried out on the Ledger Connect Kit Javascript library for connecting websites to Ledger hardware wallets. The company itself assured that the attack did not affect the integrity of Ledger hardware or Ledger Live and only affected third-party decentralized applications (DApps) that used the library. In his open letter, Ledger CEO Pascal Gauthier assured that the vulnerability had already been fixed.

Pascal Gauthier’s address

What else is known? Gauthier explained that the exploit was accomplished by phishing a attack on a former employee and injecting a malicious file into the package manager for Javascript code (NPMJS) shared between applications.

Together with partner WalletConnect, the company addressed the vulnerability by updating NPMJS to remove and deactivate the malicious code, which took about 40 minutes. The malicious file itself was active for about five hours, with a withdrawal period of about two hours, Ledger believes.

The company is now automatically updating the Ledger Connect Kit to version 1.1.8, which is safe to use. Gauthier also thanked USDT’s issuer Tether, Chainalysis analysts, and an anonymous blockchain researcher under the nickname ZachXBT for their cooperation. Thus, Tether froze the address of the hacker, as reported by the company’s CEO Paolo Ardoino. According to data from the analytics platform Arkham Intelligence, it contains cryptocurrencies worth $272 944.

Gauthier added that at Ledger, no individual can deploy code without review and approval from multiple parties. Any employee has their access to internal systems revoked upon termination, but there was an “unfortunate isolated incident” and the company will improve its security practices.

The company is also working with law enforcement to help recover stolen assets from affected DApps users. As ZachXBT noted, the damage from the exploit exceeded $610 000.

Author:

Editorial GetBlock Magazine Editorial GetBlock Magazine

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy

Telegram Newsletter Twitter

Market
MicroStrategy to raise another $1,75 billion to buy bitcoins

The company’s unrealized profits from investing in its first cryptocurrency approached $14 billion

Nov 19, 2024

Incidents
Polymarket CEO calls the search in his apartment revenge for Trump’s victory

The search, the reason for which was not announced, took place a week after the election, the results of which Polymarket users predicted quite accurately

Nov 14, 2024

Market
Bitcoin’s correlation with gold has fallen to its lowest since December 2023

Analysts point to the growing popularity of the first cryptocurrency as a safe haven asset

Nov 13, 2024

Market
Bitwise to launch the world’s first Aptos token-based exchange product in staking

The product will begin trading on the Swiss Exchange on November 19

Nov 12, 2024

Market
MicroStrategy has completed the largest bitcoin purchase deal at $2,03 billion

The company’s unrealized profits from investing in the first cryptocurrency approached $13 billion

Nov 12, 2024

Market
Bernstein: The bull crypto market has begun. Buy everything you can

The company predicts that the rate of the first cryptocurrency will grow to $200 000 by the end of next year

Nov 11, 2024

Cryptocurrency rates

  • Bitcoin

    Bitcoin

    $98 966

    BTC

    +1.5%

  • Ethereum

    Ethereum

    $3 389.34

    ETH

    +7.93%

  • BNB Smart Chain

    BNB Smart Chain

    $579.4

    BSC

    +1.23%

  • Ripple

    Ripple

    $1.39

    XRP

    +23.32%

  • Dogecoin

    Dogecoin

    $0.397098

    DOGE

    +2.1%

  • Cardano

    Cardano

    $0.885254

    ADA

    +11.06%

  • Bitcoin Cash

    Bitcoin Cash

    $497.79

    BCH

    -1.22%

  • Polkadot

    Polkadot

    $6.23

    DOT

    +8.76%

  • Stellar XLM

    Stellar XLM

    $0.284093

    XLM

    +17.52%

  • Litecoin

    Litecoin

    $90.82

    LTC

    +4.23%

News

Nov 21, 2024

BIS: Institutions act as the main providers of liquidity on decentralized exchanges

Nov 21, 2024

Japan’s parliament will consider reducing the tax on crypto income to 20%

Nov 21, 2024

SEC returns $4,6 million to participants in BitClave’s CAT token ICO

Nov 21, 2024

Glassnode: Bitcoin funds have absorbed most of the selling pressure of long-term holders

Nov 21, 2024

Arkham Intelligence analytics platform will launch a spot exchange in the United States

Nov 20, 2024

Blockchain platform Catizen will conduct a $5б8 million buyback and burning of CATI tokens

Nov 20, 2024

South Korean Parliament will consider the implementation of a tax on crypto income from 2025

New in the knowledge base

Basics

What is DePIN in cryptocurrencies?

Nov 6, 2024

Basics

What is Celestia? The first modular blockchain in the crypto industry

Oct 17, 2024

Basics

EigenLayer: what is it and how does decentralized restaking work?

Aug 16, 2024

Basics

What is Internet Computer (ICP)

Apr 26, 2024

Basics

What is Cosmos (ATOM)

Dec 16, 2023

GetBlock.net — your guide in the world of crypto

For all questions, please contact [email protected]