bitcoin
Bitcoin (BTC) $ 62,966.87 2.25%
ethereum
Ethereum (ETH) $ 3,467.11 2.09%
tether
Tether (USDT) $ 0.998764 0.06%
bnb
BNB (BNB) $ 577.27 0.10%
solana
Solana (SOL) $ 148.47 3.58%
staked-ether
Lido Staked Ether (STETH) $ 3,460.92 2.08%
usd-coin
USDC (USDC) $ 1.00 0.07%
xrp
XRP (XRP) $ 0.478614 1.24%
the-open-network
Toncoin (TON) $ 7.63 0.54%
dogecoin
Dogecoin (DOGE) $ 0.124465 1.39%
Blog

Decentralized applications pause Ledger Connect as exploit fix deployed

Ledger has since attributed the exploit to a phishing attack on a former employee.

Decentralized applications pause Ledger Connect as exploit fix deployed

More decentralized applications (DApps) have temporarily disabled their front-end user interface for Ledger Connect amid an exploit on Dec. 14.

Developers of the nonfungible token (NFT) platform OpenSea said on Dec. 14 that users should “not connect to any dApps using Ledger Connect until further notice.”

Meanwhile, decentralized finance (DeFi) protocol Lido Finance stated its “front-ends have been switched off as a precautionary measure whilst the Ledger connect issue is being investigated.”

Earlier in the day, the front ends of Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were compromised as part of the Ledger Connect exploit. Ledger has since stated that the exploit has been patched, with the issue stemming from a “malicious version of the Ledger Connect Kit.”

“A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.”

Preliminary reports claim that the attack has drained at least $484,000 in digital assets. Tether, the issuer of the Tether (USDT) stablecoin, has since frozen the exploiter’s address. According to Ledger developers, a “genuine version” of the Ledger Connect Kit is “being propagated now automatically.” That said, users are recommended to wait 24 hours before using the kit again.

The exploit has been attributed to a phishing attack on a former Ledger employee, which allowed hackers to gain access to sensitive information. “We are filing a complaint and working with law enforcement on the investigation to find the attacker,” developers wrote. An estimated two hours lapsed between the draining of funds and when a fix was deployed.

FINAL TIMELINE AND UPDATE TO CUSTOMERS:

4:49pm CET:

Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.

The investigation continues, here is the timeline of what we know about…

— Ledger (@Ledger) December 14, 2023

Related: Fake Ledger Live app sneaks into Microsoft’s app store, $588K stolen

Related Posts
Microsoft-president-says-fintechs-should-leave-currency-to-central-banks
Cointelegraph Feed

Microsoft president says fintechs should leave currency to central banks

Microsoft president Brad Smith is not keen on the idea of technology companies issuing private stablecoins. 2894 Total views 29 Total shares For Brad Smith, president of the Microsoft Corporation, fintech firms have no business issuing private digital currencies.According to Bloomberg, Smith gave these remarks while speaking at an online conference organized by the Bank…
Nigeria-plans-cbdc-rollout,-salvadoran-retirees-protest-bitcoin-law,-twitter-to-add-btc-and-eth-tipping-feature:-hodler’s-digest,-aug-29-sept.-4
Cointelegraph Feed

Nigeria plans CBDC rollout, Salvadoran retirees protest Bitcoin Law, Twitter to add BTC and ETH tipping feature: Hodler’s Digest, Aug. 29-Sept. 4

Coming every Saturday, Hodler’s Digest will help you track every single important news story that happened this week. The best (and worst) quotes, adoption and regulation highlights, leading coins, predictions and much more — a week on Cointelegraph in one link.Top Stories This WeekNigeria’s central bank partners with fintech firm Bitt Inc. for CBDC rolloutCentral…
Loading data ...
Comparison
View chart compare
View table compare
Back To Top