Hardware Wallet Provider Ledger Warns Users of ConnectKit Library Compromise
Ledger, a hardware wallet provider, has warned its users against connecting to any supported decentralized applications (dApps) using its software. The company discovered a malicious version of its ConnectKit library and removed it from its backend. While Ledger reassured users that their devices and Ledger Live apps are unaffected, it strongly advised them to avoid interacting with any dApps for the time being.
Compromised ConnectKit Library Discovered
A developer on X identified the compromised ConnectKit library, which was found to have a drainer injected into the backend of the Ledger software. The drainer was added to a content delivery network (CDN) hosting the software library. This compromise affects dApps using versions 1.14 and above of Ledger’s ConnectKit.
RevokeCash and Kyber Network Confirm Incident
Blockchain projects RevokeCash and Kyber Network have confirmed the incident. RevokeCash briefly suspended its website but has since rectified the issue. Users are advised not to connect their crypto wallets to any blockchain protocol for the remainder of the day.
Caution Advised Even After Issue Is Addressed
Ledger is actively working to eliminate the wallet-draining payload from its CDN service. However, crypto users are still advised to be cautious when engaging with Web3-based solutions. Ethereum core developer Hudson Jameson warned that visiting dApps linked to the Ledger ecosystem could reveal crypto wallet details. Users should refrain from interacting with affected dApps until an update is released.
Hot Take: Industry Experts Urge Vigilance Following Ledger’s Compromise
The compromise of Ledger’s ConnectKit library has raised concerns among industry experts about the security of crypto wallets and dApps. Users are advised to exercise caution when interacting with Web3-based solutions and to refrain from using affected dApps until updates are released. The incident highlights the importance of staying informed about potential vulnerabilities in the crypto space and taking necessary precautions to protect assets.