Follow us on telegram

News

Magazine

Currencies

AML

For users

Ledger CEO announces that the Ledger Connect Kit library vulnerability for DApps has been resolved

Analysts estimate the damage from the exploit at $610 000

Ledger CEO announces that the Ledger Connect Kit library vulnerability for DApps has been resolved

15.12.2023 - 07:49

848

2 min

What’s new? On December 14, an exploit was carried out on the Ledger Connect Kit Javascript library for connecting websites to Ledger hardware wallets. The company itself assured that the attack did not affect the integrity of Ledger hardware or Ledger Live and only affected third-party decentralized applications (DApps) that used the library. In his open letter, Ledger CEO Pascal Gauthier assured that the vulnerability had already been fixed.

Pascal Gauthier’s address

What else is known? Gauthier explained that the exploit was accomplished by phishing a attack on a former employee and injecting a malicious file into the package manager for Javascript code (NPMJS) shared between applications.

Together with partner WalletConnect, the company addressed the vulnerability by updating NPMJS to remove and deactivate the malicious code, which took about 40 minutes. The malicious file itself was active for about five hours, with a withdrawal period of about two hours, Ledger believes.

The company is now automatically updating the Ledger Connect Kit to version 1.1.8, which is safe to use. Gauthier also thanked USDT’s issuer Tether, Chainalysis analysts, and an anonymous blockchain researcher under the nickname ZachXBT for their cooperation. Thus, Tether froze the address of the hacker, as reported by the company’s CEO Paolo Ardoino. According to data from the analytics platform Arkham Intelligence, it contains cryptocurrencies worth $272 944.

Gauthier added that at Ledger, no individual can deploy code without review and approval from multiple parties. Any employee has their access to internal systems revoked upon termination, but there was an “unfortunate isolated incident” and the company will improve its security practices.

The company is also working with law enforcement to help recover stolen assets from affected DApps users. As ZachXBT noted, the damage from the exploit exceeded $610 000.

Author:

Editorial GetBlock Magazine Editorial GetBlock Magazine

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy

Telegram Newsletter Twitter

Incidents
Hackers exploit Taiko, steal $1.7M and force network shutdown

Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.

Jun 22, 2026

Incidents
Washington man sentenced to 5 years for laundering $97 million through cryptocurrency

The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.

Jun 10, 2026

Incidents
Hacker drains $660,000 from Polymarket's internal wallet

The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit

May 22, 2026

Incidents
THORChain loses $10.8M in hacker attack

Following the incident, the project temporarily halted trading operations and node activity.

May 15, 2026

Incidents
Claude helps recover access to 5 BTC after more than 10 years

The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file

May 14, 2026

Crypto regulations
South Korea tightens control over outbound crypto transfers

Authorities are introducing mandatory registration for companies handling cross-border crypto transactions

May 8, 2026

Cryptocurrency rates

  • Bitcoin

    Bitcoin

    $59 221

    BTC

    -1.42%

  • Ethereum

    Ethereum

    $1 561.59

    ETH

    -0.67%

  • BNB Smart Chain

    BNB Smart Chain

    $579.4

    BSC

    +1.23%

  • Ripple

    Ripple

    $1.04

    XRP

    -0.52%

  • TRON

    TRON

    $0.160134

    TRX

    -1.59%

  • Dogecoin

    Dogecoin

    $0.072584

    DOGE

    -2.44%

  • Zcash

    Zcash

    $372.59

    ZEC

    -6.61%

  • Stellar XLM

    Stellar XLM

    $0.1712

    XLM

    -1.51%

  • Cardano

    Cardano

    $0.143061

    ADA

    -1.45%

  • Polkadot

    Polkadot

    $3.32

    DOT

    +5.27%

News

Jun 26, 2026

Polymarket Hack: User Losses Estimated at Nearly $3 Million

Jun 22, 2026

Hackers exploit Taiko, steal $1.7M and force network shutdown

Jun 18, 2026

U.S. Court: Crypto Influencer Pleads Guilty in $1.8 Billion Fraud Case

Jun 11, 2026

Hacker drains $1.34 million from legacy Raydium liquidity pools

Jun 10, 2026

Washington man sentenced to 5 years for laundering $97 million through cryptocurrency

Jun 4, 2026

DOJ reports $3.8 Million in crypto frozen during international anti-fraud operation

May 27, 2026

South Korea uncovers fraud scheme involving Solana meme coin CATFI

New in the knowledge base

Basics

What is Zcash? A complete guide to private cryptocurrency

Jan 15, 2026

Basics

How to pass KYC verification?

Dec 1, 2025

Basics

What is CBDC currency in simple terms: how central bank digital currency works

Nov 6, 2025

Basics

Cryptocurrency ETFs: what they are and how they work (bitcoin, Ethereum, altcoins)

Oct 9, 2025

Basics

What data do crypto exchanges share with regulators and why is it necessary?

Oct 7, 2025

GetBlock.net — your guide in the world of crypto

For all questions, please contact [email protected]