Ledger attacker drained at least $484K

The hacker behind the attack on Ledger’s connector library stole assets worth nearly $484,000, according to blockchain analysis platform Lookonchain. Ledger has not yet confirmed the figures, but the impact of the security breach could be in the hundreds of thousands, according to the company.

Users on X (Twitter) flagged the incident on Dec. 14, claiming that a popular Web3 connector was compromised, allowing malicious code to be injected into multiple decentralized applications (DApps).

Protocols affected by the incident include Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, but the damage could be even greater. According to some users on X, the vulnerability could exist in other similar programs that are alternatives to LedgerHQ/connect-kit.

According to MetaMask, the hack also affects its users. The wallet provider deployed a fix for its platform, saying its users on the latest version, v2.121.0, should be able “to transact again & will be updated automatically. If you’re not on this version, please refresh your site data.”

Nearly three hours after the incident, Ledger reported that the malicious version of the file had been replaced with the genuine version around 1:35 pm UTC. The company is warning its users “to always Clear Sign” transactions, adding that the addresses and the information presented on the Ledger screen are the only genuine information:

“If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.”

Several protocols have disabled the library since the incident. Stablecoin issuer Tether also froze the exploiter address, according to Paolo Ardoino.

This is a developing story, and further information will be added as it becomes available.