Hardware Wallet Manufacturer Warns Users About Malicious Dapps
Hardware wallet manufacturer Ledger has issued a warning to its users, urging them not to connect to decentralized applications (dapps) due to the discovery of a malicious version of the Ledger Connect Kit. The company has identified and removed the malicious file, and a genuine version is being pushed to replace it. Ledger devices and the Ledger Live app have not been compromised, according to a spokesperson. However, software wallet developer MetaMask has also advised users to stop using dapps in response to the attack.
Compromised Connect Kit Affects Dapps
The compromised version of the Connect Kit, the library that enables Ledger hardware wallets to connect with dapps, was first identified by developers on Twitter. Web3 security firm Blockaid reported that dapps using versions 1.1.4 and above of Ledger’s Connect Kit were affected by the attack. Sushi.com and Hey.xyz are among the affected platforms.
Criticism and Recent Security Issues
Ledger has faced criticism for its security practices in recent months. Its voluntary ID-based Recover service drew backlash from users, who deemed it a “backdoor.” In addition, a fraudulent Ledger app on the Microsoft App Store resulted in significant financial losses for customers. The company also experienced a data breach in 2020, compromising over a million user emails. Despite these incidents, Ledger maintains that today’s attack is unrelated to its ID-based Recover service.
Hot Take: Importance of Vigilance in Crypto Security
This recent attack on Ledger serves as a reminder of the importance of maintaining vigilance when it comes to crypto security. It highlights the need for users to exercise caution when interacting with dapps and ensure they understand the backend libraries used by these applications. Ledger’s swift response in identifying and removing the malicious file demonstrates its commitment to protecting its users. However, it is crucial for users to stay informed and follow the instructions provided by hardware and software wallet developers during such incidents.