Ledger Takes Action Against Malicious Version of Ledger Connect Kit
Recently, Ledger discovered a malicious version of the Ledger Connect Kit and promptly removed it from circulation. The Ledger Connect Kit is crucial for users engaging with decentralized applications (dApps). To combat the threat, Ledger replaced the malicious file with a new version, 1.1.8.
Key Insights for Ledger Buyers
In response to this incident, Ledger advises users to temporarily refrain from interacting with any decentralized applications (dApps). This cautious approach aims to mitigate potential risks associated with the earlier identified malicious version of the Ledger Connect Kit.
FINAL TIMELINE AND UPDATE TO CUSTOMERS:
4:49pm CET:
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline of what we know about…
— Ledger (@Ledger) December 14, 2023
To address this issue, Ledger swiftly released the authentic version 1.1.8 of the Ledger Connect Kit. This genuine version is currently being distributed to users, ensuring a secure and trustworthy solution for dApp interactions.
As an additional safety measure, Ledger recommends that users wait for 24 hours before utilizing the Ledger Connect Kit again. This waiting period allows for the widespread distribution and installation of the authentic version, guaranteeing a comprehensive and secure update for all users.
Ledger’s Approach to User Tracking
Another recent development involving Ledger is the detection that Ledger Live includes user trackers in every file. This indicates that Ledger openly acknowledges and tracks every click made on Ledger Live, transmitting this information to their servers.
Basically every single file on Ledger Live has user trackers in them
I’ve cleaned a bunch and there’s still 310 files
Ledger REALLY wants to know what you’re doing on Ledger Live. Every click, every keystroke, every thing you look at gets tracked, logged and phoned home to… https://t.co/ojt8zAn3em pic.twitter.com/SclWTlWpWX
— REKTBuildr (@rektbuildr) December 6, 2023
Ledger’s tracking approach aims to collect data on user interactions with Ledger Live. This enables Ledger to enhance the user experience, identify potential issues, and continuously improve the software.
While some users may have concerns about Ledger’s tracking methods, it is important to note that Ledger is transparent about this practice and provides users with the ability to control their data. Users can choose whether to participate in data sharing by adjusting their settings within the Ledger Live application.
Hot Take: Ledger Prioritizes User Security and Transparency
With the recent discovery of a malicious version of the Ledger Connect Kit, Ledger has demonstrated its commitment to user security by promptly removing the threat and releasing an authentic version. By advising users not to interact with dApps temporarily, Ledger prioritizes preventing potential risks.
In addition, Ledger’s approach to user tracking in Ledger Live may raise concerns for some users. However, Ledger’s transparency and user control options ensure that individuals can make informed decisions about their data privacy.
By
By
By
By
By