Follow us on telegram
Rus
En
Rus
En

News

Magazine

Currencies

AML

For users

Ledger CEO announces that the Ledger Connect Kit library vulnerability for DApps has been resolved

Analysts estimate the damage from the exploit at $610 000

Ledger CEO announces that the Ledger Connect Kit library vulnerability for DApps has been resolved

15.12.2023 - 07:49

150

2 min

What’s new? On December 14, an exploit was carried out on the Ledger Connect Kit Javascript library for connecting websites to Ledger hardware wallets. The company itself assured that the attack did not affect the integrity of Ledger hardware or Ledger Live and only affected third-party decentralized applications (DApps) that used the library. In his open letter, Ledger CEO Pascal Gauthier assured that the vulnerability had already been fixed.

Pascal Gauthier’s address

What else is known? Gauthier explained that the exploit was accomplished by phishing a attack on a former employee and injecting a malicious file into the package manager for Javascript code (NPMJS) shared between applications.

Together with partner WalletConnect, the company addressed the vulnerability by updating NPMJS to remove and deactivate the malicious code, which took about 40 minutes. The malicious file itself was active for about five hours, with a withdrawal period of about two hours, Ledger believes.

The company is now automatically updating the Ledger Connect Kit to version 1.1.8, which is safe to use. Gauthier also thanked USDT’s issuer Tether, Chainalysis analysts, and an anonymous blockchain researcher under the nickname ZachXBT for their cooperation. Thus, Tether froze the address of the hacker, as reported by the company’s CEO Paolo Ardoino. According to data from the analytics platform Arkham Intelligence, it contains cryptocurrencies worth $272 944.

Gauthier added that at Ledger, no individual can deploy code without review and approval from multiple parties. Any employee has their access to internal systems revoked upon termination, but there was an “unfortunate isolated incident” and the company will improve its security practices.

The company is also working with law enforcement to help recover stolen assets from affected DApps users. As ZachXBT noted, the damage from the exploit exceeded $610 000.

Author:

Editorial GetBlock Magazine Editorial GetBlock Magazine

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy

Telegram Newsletter Twitter

Market
ConsenSys challenges the SEC’s classification of ETH as a security

The commission had previously warned the developer of potential enforcement actions

Apr 29, 2024

Market
FBI urges not to use crypto services without KYC system to avoid loss of funds

Funds can be seized by law enforcers due to links to illegal activity

Apr 26, 2024

Market
Tether launches investment, mining, training, and digital asset management divisions

Tether Finance division will be responsible for the issuance and redemption of USDT stablecoins

Apr 18, 2024

Trends
Binance introduces the Megadrop platform for the airdrop of new coins before their listing

The first project introduced on the platform will be BounceBit (BB)

Apr 18, 2024

Business
Foundry pool will distribute profits from mining “epic” satoshi among participants

The rate exchange of the native ACH token reacted with a 10% increase

Apr 18, 2024

Market
Foundry pool will distribute profits from mining “epic” satoshi among participants

Miners are hunting for the first block after halving as the value of the first satoshi could exceed $1 million

Apr 18, 2024

Cryptocurrency rates

  • Bitcoin

    Bitcoin

    $62 895

    BTC

    -1.03%

  • Ethereum

    Ethereum

    $3 175.15

    ETH

    -4.43%

  • BNB Smart Chain

    BNB Smart Chain

    $592.02

    BSC

    -2.04%

  • Ripple

    Ripple

    $0.512308

    XRP

    -1.52%

  • Dogecoin

    Dogecoin

    $0.14315

    DOGE

    -4.52%

  • Cardano

    Cardano

    $0.456361

    ADA

    -2.46%

  • Bitcoin Cash

    Bitcoin Cash

    $460.54

    BCH

    -4.02%

  • Polkadot

    Polkadot

    $6.61

    DOT

    -3.62%

  • Litecoin

    Litecoin

    $83.4

    LTC

    -1.95%

  • Stellar XLM

    Stellar XLM

    $0.11165

    XLM

    -2.01%

News

Apr 29, 2024

Bernstein reiterates its prediction for BTC to rise to $150n000 amid slowing inflows into ETFs

Apr 29, 2024

Weekly crypto derivative outflows hit its highest since March

Apr 29, 2024

US Justice Department declines to drop charges against the founder of the Tornado Cash crypto mixer

Apr 29, 2024

ConsenSys challenges the SEC’s classification of ETH as a security

Apr 29, 2024

Media: Australia’s largest exchange will launch BTC ETF trading by the end of the year

Apr 26, 2024

FBI urges not to use crypto services without KYC system to avoid loss of funds

Apr 26, 2024

CoinShares records an increase in SOL volumes in institutional portfolios

New in the knowledge base

Basics

What is Cosmos (ATOM)

Dec 16, 2023

Wallets

How Telegram Wallet works

Dec 9, 2023

Basics

Flatcoins: the best defense against inflation?

Nov 25, 2023

Basics

​What zkSync is and why it is important for Ethereum. We are explaining in simple words

Nov 2, 2022

Basics

14 years of the bitcoin concept. Unusual facts about the first cryptocurrency

Oct 31, 2022

GetBlock.net — your guide in the world of crypto

For all questions, please contact [email protected]