
Crypto wallet Ledger has resolved a security issue in its connector library after multiple decentralized applications (DApps), including Zapper, SushiSwap, Phantom, Balancer and Revoke.cash, experienced a security breach affecting their front ends on December 14.
Three hours after discovering the breach, Ledger acknowledged the vulnerability and promptly replaced the malicious file with the authentic version.
Ledger advises users to always “Clear Sign” transactions and emphasizes that the addresses and information displayed on the Ledger screen are the only authentic data. It recommends canceling any transaction if there is a discrepancy between the Ledger device screen and the computer or phone screen.
“The genuine Ledger Connect Kit 1.1.8 is now fully propagated. Ledger and WalletConnect can confirm that the malicious code was deactivated. You are now safe to use your Ledger Connect Kit. Reminder that we always encourage clear signing,” Ledger said on social media.
SushiSwap CTO Matthew Lilley was one of the earliest to report the issue. He warned that a commonly used Web3 connector had been compromised, allowing the injection of harmful code into many DApps. An on-chain analyst confirmed the compromise in the Ledger library, revealing that the vulnerable code had inserted the drainer account address.
“What happened? In short, @Ledger made a chain of terrible blunders. 1. They are loading JS from a CDN. 2. They are not version locking loaded JS. 3. They had their CDN compromised. would avoid using ANY dApps until their teams confirm that they have mitigated the attack,” said Lilley in a social media post.
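The first two points in that post can be checked mechanically on a DApp's own pages. The following is an added example, not code from Ledger or any affected project: it scans HTML for third-party script tags and flags those whose URL is not locked to an exact version, and it goes one step beyond the quote by also flagging tags without a Subresource Integrity hash. The hosts, package names and digest are constructed placeholders, and the `/npm/pkg@version/` path layout is an assumption about how the CDN addresses packages.

```javascript
// Added example: flag third-party <script> tags that are not version-locked
// or lack Subresource Integrity. URLs and package names are constructed.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/; // e.g. 1.1.8

// Collect the attributes of every <script> tag that carries a src.
function findScripts(html) {
  const scripts = [];
  for (const [, attrText] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = {};
    const attrRe = /([\w-]+)(\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
    for (const [, name, , dq, sq, bare] of attrText.matchAll(attrRe)) {
      attrs[name.toLowerCase()] = dq ?? sq ?? bare ?? "";
    }
    if (attrs.src) scripts.push(attrs);
  }
  return scripts;
}

// Return the findings for one script tag; first-party scripts are skipped.
function auditScript(attrs, pageOrigin) {
  const url = new URL(attrs.src, pageOrigin);
  if (url.origin === new URL(pageOrigin).origin) return [];
  const findings = [];
  // Assumed npm-style CDN path: the version follows "@", /npm/pkg@1.1.8/file.js
  const m = url.pathname.match(/[^/@]@([^/]+)/);
  if (!m || !EXACT_VERSION.test(m[1])) findings.push("version-not-locked");
  // SRI only helps when the bytes behind the URL never change.
  if (!/^sha(256|384|512)-/.test(attrs.integrity || "")) findings.push("no-sri");
  return findings;
}

function auditPage(html, pageOrigin) {
  return findScripts(html)
    .map((a) => ({ src: a.src, findings: auditScript(a, pageOrigin) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample page for a hypothetical DApp front end.
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://cdn.example/npm/@example/connect-kit@1"></script>
<script src="https://cdn.example/npm/@example/connect-kit@1.1.8/dist/index.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDERDIGEST" crossorigin="anonymous"></script>
<script src="https://cdn.example/npm/other-lib@2.0.1/lib.js"></script>`;

console.log(auditPage(SAMPLE_HTML, "https://dapp.example"));
```

Scripts that other JavaScript injects at runtime never appear in the HTML, so a static scan like this does not see them; those loads have to be pinned inside the loader itself or bundled with the application.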
After resolving the issue, Ledger reminded users to prioritize their privacy and emphasized the importance of never sharing personal authentication information.
“Remember: 1. NEVER ever share your 24-word Secret Recover Phrase with anyone 2. Anyone who asks for it is a criminal,” said Ledger.
Lately, Ledger has been receiving criticism regarding its security, especially concerning the wallet’s voluntary ID-based Recovery service, which has disturbed crypto users. This service, priced at $9.99 per month, backs up users’ seed phrases.
A seed phrase is a list of words containing all the necessary information to recover cryptocurrency stored in a hardware wallet if it’s lost or stolen. Users are required to remember a 12-word phrase, usually comprised of random and challenging words.
Introduced in May through a firmware update, the service, not connected to the recent attack, divides the user’s seed phrase and stores it among three different custodians. Users must provide their passport or national ID card for verification.
Users said this move had created a backdoor. Despite the company’s assurance that users can still personally back up their seed phrases, they remain concerned about the implications for security if they choose not to use the service.
However, Ledger co-founder Éric Larchevêque referred to the issue as “a PR failure, not a technical one.”
The company further claimed that its devices have no backdoor and emphasized that this service is completely optional. Therefore, if users choose not to opt in, it will not impact their Ledger devices.
In November, a fake Ledger app on the Microsoft App Store siphoned off almost $1 million from unaware customers.
Ledger had previously faced security problems, such as a 2020 data breach that exposed customer data, raising concerns about sim swapping and home invasion attacks.