The hacker behind the attack on Ledger’s connector library stole assets worth nearly $484,000, according to blockchain analysis platform Lookonchain. Ledger has not yet confirmed the figures, but the impact of the security breach could be in the hundreds of thousands, according to the company.
Users on X (Twitter) flagged the incident on Dec. 14, claiming that a popular Web3 connector was compromised, allowing malicious code to be injected into multiple decentralized applications (DApps).
Protocols affected by the incident include Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, but the damage could be even greater. According to some users on X, the vulnerability could exist in other similar programs that are alternatives to LedgerHQ/connect-kit.
According to MetaMask, the hack also affects its users. The wallet provider deployed a fix for its platform, saying its users on the latest version, v2.121.0, should be able “to transact again & will be updated automatically. If you’re not on this version, please refresh your site data.”
most tweets about ledger are wrong
here’s what you need to know:
ALL ACTIVE ETHEREUM WALLETS ARE AT RISK
don’t connect ANY ethereum/evm wallets to ANY apps until further notice
doesn’t matter if it’s a ledger or not
if you didn’t use your wallet today you’re safe— Udi Wertheimer (@udiWertheimer) December 14, 2023
Nearly three hours after the incident, Ledger reported that the malicious version of the file had been replaced with the genuine version around 1:35 pm UTC. The company is warning its users “to always Clear Sign” transactions, adding that the addresses and the information presented on the Ledger screen are the only genuine information:
We have identified and removed a malicious version of the Ledger Connect Kit.
A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.
Your Ledger device and…— Ledger (@Ledger) December 14, 2023
Several protocols have disabled the library since the incident. Stablecoin issuer Tether also froze the exploiter address, according to Paolo Ardoino.
This is a developing story, and further information will be added as it becomes available.