Follow us on telegram

News

Magazine

Currencies

AML

For users

Ledger CEO announces that the Ledger Connect Kit library vulnerability for DApps has been resolved

Analysts estimate the damage from the exploit at $610 000

Ledger CEO announces that the Ledger Connect Kit library vulnerability for DApps has been resolved

15.12.2023 - 07:49

377

2 min

What’s new? On December 14, an exploit was carried out on the Ledger Connect Kit Javascript library for connecting websites to Ledger hardware wallets. The company itself assured that the attack did not affect the integrity of Ledger hardware or Ledger Live and only affected third-party decentralized applications (DApps) that used the library. In his open letter, Ledger CEO Pascal Gauthier assured that the vulnerability had already been fixed.

Pascal Gauthier’s address

What else is known? Gauthier explained that the exploit was accomplished by phishing a attack on a former employee and injecting a malicious file into the package manager for Javascript code (NPMJS) shared between applications.

Together with partner WalletConnect, the company addressed the vulnerability by updating NPMJS to remove and deactivate the malicious code, which took about 40 minutes. The malicious file itself was active for about five hours, with a withdrawal period of about two hours, Ledger believes.

The company is now automatically updating the Ledger Connect Kit to version 1.1.8, which is safe to use. Gauthier also thanked USDT’s issuer Tether, Chainalysis analysts, and an anonymous blockchain researcher under the nickname ZachXBT for their cooperation. Thus, Tether froze the address of the hacker, as reported by the company’s CEO Paolo Ardoino. According to data from the analytics platform Arkham Intelligence, it contains cryptocurrencies worth $272 944.

Gauthier added that at Ledger, no individual can deploy code without review and approval from multiple parties. Any employee has their access to internal systems revoked upon termination, but there was an “unfortunate isolated incident” and the company will improve its security practices.

The company is also working with law enforcement to help recover stolen assets from affected DApps users. As ZachXBT noted, the damage from the exploit exceeded $610 000.

Author:

Editorial GetBlock Magazine Editorial GetBlock Magazine

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy

Telegram Newsletter Twitter

Trends
CoinGecko aggregator launches a page to track the capitalization of cryptocurrencies created in the United States

As of January 21, the capitalization of this sector of the crypto market exceeds $519 billion

Jan 21, 2025

Market
Hyperliquid exchange reports reaching a record daily trading volume of $21 billion

The platform generated $9,5 million in revenue during the same time

Jan 20, 2025

Market
Grayscale has opened an XRP-based trust for accredited investors

Shares of the Trust are designed to track the market price of XRP with fewer fees and expenses

Jan 17, 2025

Market
Tether has launched its omnichain-stablecoin USDT0 on the Kraken exchange’s Ink network

The asset will allow USDT to move seamlessly between different blockchains

Jan 17, 2025

Market
HyperLiquid team announces plans to increase the decentralization of the project

Earlier, the community criticized the project for its lack of transparency, which led to a sharp drop in the HYPE token price

Jan 8, 2025

Market
CoinDesk allowed the possibility of BTC to fall amid the growth of the MOVE index

Rising US Treasury bond yields are negatively affecting risk assets

Jan 8, 2025

Cryptocurrency rates

  • Bitcoin

    Bitcoin

    $105 376

    BTC

    +3.32%

  • Ethereum

    Ethereum

    $3 309.45

    ETH

    +2.16%

  • Ripple

    Ripple

    $3.17

    XRP

    +3.88%

  • BNB Smart Chain

    BNB Smart Chain

    $579.4

    BSC

    +1.23%

  • Dogecoin

    Dogecoin

    $0.366688

    DOGE

    +7.54%

  • Cardano

    Cardano

    $0.997586

    ADA

    +2.44%

  • Stellar XLM

    Stellar XLM

    $0.43295

    XLM

    +0.04%

  • Polkadot

    Polkadot

    $6.61

    DOT

    +5.7%

  • Bitcoin Cash

    Bitcoin Cash

    $449.07

    BCH

    +5.72%

  • Litecoin

    Litecoin

    $116.54

    LTC

    +1.38%

News

Jan 21, 2025

Binance top executive Tigran Gambaryan may take a senior position in the new Trump administration

Jan 21, 2025

Blockchain analyst ZachXBT spoke about the lack of payments from US authorities for assistance in crypto hacking investigations

Jan 21, 2025

CoinGecko aggregator launches a page to track the capitalization of cryptocurrencies created in the United States

Jan 21, 2025

Gary Gensler will be replaced as chair of the SEC by crypto lawyer Mark Uyeda

Jan 21, 2025

Ethereum Foundation has created a wallet for investing in DeFi protocols

Jan 20, 2025

Gemini Exchange has chosen Malta as the hub for the MiCA license application

Jan 20, 2025

Hyperliquid exchange reports reaching a record daily trading volume of $21 billion

New in the knowledge base

Basics

Monero: Behind the scenes of anonymity. How does the new generation cryptocurrency work?

Dec 18, 2024

Basics

PancakeSwap: How it works, features and ways to make money on the popular DEX exchange

Dec 12, 2024

Basics

Sei: the fastest Layer 1 blockchain ever

Nov 26, 2024

Basics

What is DePIN in cryptocurrencies?

Nov 6, 2024

Basics

What is Celestia? The first modular blockchain in the crypto industry

Oct 17, 2024

GetBlock.net — your guide in the world of crypto

For all questions, please contact [email protected]