A prominent hardware wallet manufacturer, Ledger, has issued a warning to users following the discovery of a compromised version of its Connect Kit.
Developers identified malicious code in the library used for Ledger’s hardware wallets to connect with decentralized applications (dApps). Ledger is urging users to avoid interacting with dApps until a genuine version replaces the compromised file.
The attack, utilizing a wallet-draining payload, affected several dApps, including Sushi.com and Hey.xyz. Following this breach, MetaMask also cautioned its users against using dApps as a precautionary measure.
In response to the exploit, Tether, a major stablecoin issuer, took swift action by freezing the address associated with the attackers. This proactive step was aimed at mitigating any unauthorized fund transfers and safeguarding users affected by the compromised library.
Ledger assures users that its devices and Ledger Live app remain uncompromised, and they are actively working to resolve the situation. This incident follows recent criticisms of Ledger’s security, including a fraudulent app on the Microsoft Store and a hacked customer email database.
In a related security breach, the Ledger library crucial for dApp interaction with hardware wallets has been compromised with malicious code aimed at unauthorized fund transfers.
The altered code could initiate unauthorized transactions, posing a widespread threat to over 300 projects/apps, including Wagmi and RevokeCash. Ledger is addressing the issue, acknowledging the compromise, with over $600,000 reportedly drained by malicious actors.
Users are advised to refrain from interacting with any crypto applications until Ledger or their app developers confirm a resolution and ensure no vulnerable library versions are in use.
Also Read: Ledger Alerts XRP Community To Airdrop Scam
