As known from:
known from Coinwireknown from Benchknown from Coinindex
  • About CryptoGmblr.com
Contains commercial content
Cryptogambling / Crypto wallet Ledger fixes security issue in connector library

Crypto wallet Ledger fixes security issue in connector library

Publish Date: 15/12/2023
b, tags: ledger security issue connector - live.staticflickr.com

b – live.staticflickr.com

Crypto wallet Ledger has resolved a security issue in its connector library after multiple decentralized applications (DApps), including Zapper, SushiSwap, Phantom, Balancer and Revoke.cash, experienced a security breach affecting their front ends on December 14.

Three hours after discovering the breach, Ledger acknowledged the vulnerability and promptly replaced the malicious file with the authentic version.

Ledger advises users to always “Clear Sign” transactions and emphasizes that the addresses and information displayed on the Ledger screen are the only authentic data. It recommends canceling any transaction if there is a discrepancy between the Ledger device screen and the computer or phone screen.

“The genuine Ledger Connect Kit 1.1.8 is now fully propagated. Ledger and WalletConnect can confirm that the malicious code was deactivated. You are now safe to use your Ledger Connect Kit. Reminder that that we always encourage clear signing,” Ledger said on social media.

SushiSwap CTO Matthew Lilley was one of the earliest to report the issue. He highlighted a common Web3 connector compromise, allowing the injection of harmful code into many DApps. An on-chain analyst confirmed the compromise in the Ledger library, revealing that the vulnerable code had inserted the drainer account address.

“What happened? In short, @Ledger made a chain of terrible blunders. 1. They are loading JS from a CDN. 2. They are not version locking loaded JS. 3. They had their CDN compromised. would avoid using ANY dApps until their teams confirm that they have mitigated the attack,” said Lilley in a social media post.

After resolving the issue, Ledger reminded users to prioritize their privacy and emphasized the importance of never sharing personal authentication information.

“Remember: 1. NEVER ever share your 24-word Secret Recover Phrase with anyone 2. Anyone who asks for it is a criminal,” said Ledger.

Criticism surrounding Ledger

Lately, Ledger has been receiving criticism regarding its security, especially concerning the wallet’s voluntary ID-based Recovery service, which has disturbed crypto users. This service, priced at $9.99 per month, backs up users’ seed phrases.

A seed phrase is a list of words containing all the necessary information to recover cryptocurrency stored in a hardware wallet if it’s lost or stolen. Users are required to remember a 12-word phrase, usually comprised of random and challenging words.

Introduced in May through a firmware update, the service, not connected to the recent attack, divides the user’s seed phrase and stores it among three different custodians. Users must provide their passport or national ID card for verification.

Users said this move had created a backdoor. Despite the company’s assurance that users can still personally back up their seed phrases, they remain concerned about the implications for security if they choose not to use the service.

However, Ledger co-founder Éric Larchevêque referred to the issue as “a PR failure, not a technical one.”

The company further claimed that its devices have no backdoor and emphasized that this service is completely optional. Therefore, if users choose not to opt in, it will not impact their Ledger devices.

In November, a fake Ledger app on the Microsoft App Store siphoned off almost $1 million from unaware customers.

Ledger had previously faced security problems, such as a 2020 data breach that exposed customer data, raising concerns about sim swapping and home invasion attacks.

Top Online Casinos
Top Casinos Bonuses
Stake.us
Stake.us
Stake.us Review
4.6/5
McLuck
McLuck
McLuck Review
4.6/5
Wow Vegas
Wow Vegas
Wow Vegas Review
4.5/5
High5Casino
High5Casino
High5Casino Review
4.1/5
Fortune Coins
Fortune Coins
Fortune Coins Review
3.8/5
Stake.us
Stake.us Bonus
55 Stake Cash + 260K Gold Coins + 5% Rakeback
T&Cs apply
4.6/5
McLuck
McLuck Bonus
27.5 SC FREE and 57.5K Gold Coins
T&Cs apply
4.6/5
Wow Vegas
Wow Vegas Bonus
35 SC FREE and 1.75M WOW Coins
T&Cs apply
4.5/5
High5Casino
High5Casino Bonus
Get 5 SC FREE+ 250 Gold Coins and 600 Diamonds!
T&Cs apply
4.1/5
Fortune Coins
Fortune Coins Bonus
Claim Your Free 650,000 Gold Coins & 1,400 Fortune Coins
T&Cs apply
3.8/5
Latest News
Charles Hoskinson forecasts Altcoin season showdown: ADA vs. DOGE
Cardano (ADA) Faces Dual Meme Coin Competition where ...
Top 5 AI cryptocurrencies ready to thrive during the next bull market
New crypto ventures merge the groundbreaking capabilities of ...
Top Crypto Exchange Sites
Crypto Exchange Guide
  • Crypto Exchanges
  • Betting Exchange
Top Brands
Top Bonuses
Stake.us
Stake.us
Stake.us Review
4.6/5
McLuck
McLuck
McLuck Review
4.6/5
Wow Vegas
Wow Vegas
Wow Vegas Review
4.5/5
High5Casino
High5Casino
High5Casino Review
4.1/5
Fortune Coins
Fortune Coins
Fortune Coins Review
3.8/5
Stake.us
Stake.us Bonus
55 Stake Cash + 260K Gold Coins + 5% Rakeback
T&Cs apply
4.6/5
McLuck
McLuck Bonus
27.5 SC FREE and 57.5K Gold Coins
T&Cs apply
4.6/5
Wow Vegas
Wow Vegas Bonus
35 SC FREE and 1.75M WOW Coins
T&Cs apply
4.5/5
High5Casino
High5Casino Bonus
Get 5 SC FREE+ 250 Gold Coins and 600 Diamonds!
T&Cs apply
4.1/5
Fortune Coins
Fortune Coins Bonus
Claim Your Free 650,000 Gold Coins & 1,400 Fortune Coins
T&Cs apply
3.8/5

Players must be 21 years of age or older or reach the minimum age for gambling in their respective state and located in jurisdictions where online gambling is legal. Please play responsibly. Bet with your head, not over it. If you or someone you know has a gambling problem, and wants help, call or visit: (a) the Council on Compulsive Gambling of New Jersey at 1-800-Gambler or www.800gambler.org; or (b) Gamblers Anonymous at 855-2-CALL-GA or www.gamblersanonymous.org.

Trading financial products carries a high risk to your capital, especially trading leverage products such as CFDs. CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. Between 74-89% of retail investor accounts lose money when trading CFDs. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.

This site is using Cloudflare and adheres to the Google Safe Browsing Program. We adapted Google's Privacy Guidelines to keep your data safe at all times.

21+NCPGGamblers AnonymousCloudflareSSLco² neutral
Close
Players accepted in the US US Flag
Stake.us Exclusive Bonus
55 Stake Cash + 260K Gold Coins + 5% Rakeback
Promo Code
Go to Stake.us
Visit Site
T&Cs apply, 18+
Payment Methods
Bitcoin
Litecoin
Ethereum
Dogecoin
Highlights
  • Exclusive promo code: CRYPTGAMBL
  • Play Stake Originals games for free
  • Get free Stake Cash daily just by logging in
Stake Originals
Dice
Crash
Plinko
Mines
×
Your Bonus Code:
The bonus offer of was already opened in an additional window. If not, you can open it also by clicking the following link:
Visit Site