In a major security breach, hackers have targeted Ledger’s connector library, compromising numerous decentralized applications (dApps) that rely on Ledger’s technology. This breach has put Ledger wallet users at risk of theft and has exposed severe vulnerabilities in Ledger’s systems.

The attack involved hackers replacing Ledger’s connector library with a corrupted version, allowing them to hijack transactions and drain user funds. It took nearly three hours for Ledger to notice the compromise and replace the fraudulent library file with a legitimate version.

As a result of the hack, Ledger is warning users to be cautious and to verify transactions by physically checking the information displayed on their Ledger devices. Users are advised to scrutinize all transaction prompts and wallet activity to detect any unauthorized withdrawals.

The breach has affected multiple dApps, including SushiSwap, Balancer, Zapper, and Revoke.cash. SushiSwap’s CTO, Matthew Lilley, was one of the first to raise the alarm about the hack and warned users not to interact with any dApps until further notice.

Lilley blamed Ledger for the vulnerabilities that allowed the hackers to breach multiple dApps. He pointed out that Ledger’s compromised core content delivery network (CDN) enabled attackers to replace legitimate JavaScript files with corrupted ones.

The hack targeted Ledger’s connector library, which is used by various dApps to interface with Ledger’s hardware wallets. Hackers injected malicious code into the library, allowing them to stealthily drain assets from user accounts. The added code could generate fake transaction prompts, misleading users into approving thefts.

Fixing the corrupted code in Ledger’s libraries is not enough to ensure safety. Every project currently using or integrating with Ledger’s Web3 connector libraries must implement updates to protect their users.
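One defence against the kind of CDN file replacement described above is for a dApp to pin the reviewed build of a third-party library by digest, the mechanism browsers expose as Subresource Integrity (SRI). The following is an added example, not code from Ledger or any of the affected dApps; the function names and the sample library bytes are constructed for illustration.

```javascript
// Added example: check a script's bytes against a pinned SRI value (Node.js).
const crypto = require('node:crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Parse an integrity string ("sha384-<b64> sha512-<b64>") into usable entries.
function parseIntegrity(value) {
  return value.trim().split(/\s+/).map((token) => {
    const hashExpr = token.split('?')[0]; // drop optional "?options"
    const dash = hashExpr.indexOf('-');
    if (dash < 1) return null;
    return { alg: hashExpr.slice(0, dash).toLowerCase(), digest: hashExpr.slice(dash + 1) };
  }).filter((e) => e && Object.hasOwn(STRENGTH, e.alg) && e.digest.length > 0);
}

// Build the "alg-base64digest" token for a reviewed build.
function sriToken(alg, bytes) {
  return `${alg}-${crypto.createHash(alg).update(bytes).digest('base64')}`;
}

// As in browsers, only the strongest listed algorithm counts. Unlike browsers,
// an empty or unparseable pin fails closed, which suits a CI or deploy gate.
function verifyIntegrity(bytes, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return false;
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries.filter((e) => STRENGTH[e.alg] === best).some((e) => {
    const expected = Buffer.from(e.digest, 'base64');
    const actual = crypto.createHash(e.alg).update(bytes).digest();
    return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
  });
}

// Constructed sample data: a reviewed build and a copy with appended code.
const reviewed = Buffer.from('export function connect() { return "device"; }\n');
const tampered = Buffer.concat([reviewed, Buffer.from('/* unexpected addition */\n')]);
const pinned = sriToken('sha384', reviewed);

console.log('reviewed build passes:', verifyIntegrity(reviewed, pinned)); // true
console.log('tampered build passes:', verifyIntegrity(tampered, pinned)); // false
```

In a page, the same pinned value goes in the `integrity` attribute of the `<script>` tag together with `crossorigin="anonymous"`. The check only helps when the URL refers to a fixed version, because a URL that always serves the latest build changes its digest with every release.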

While Ledger has acknowledged the hack and claims to have replaced the malicious library file, it has not provided any transparency regarding the attack vector.



This News Article was automatically generated by Bob the Bot (AI)
