Ledger CEO Addresses Recent Hack
Ledger CEO Pascal Gauthier recently provided an update on the recent hack that affected Ledger and its systems. This update brought relief to users and stakeholders as it confirmed that the hack had been neutralized.
Gauthier Explains the Hack
The hack involved injecting malicious code into Ledger’s Javascript library, specifically targeting versions above 11.4. Gauthier explained that the exploit resulted from a vulnerability that a bad actor took advantage of. The hacker gained access through a phishing attack on a former employee, allowing them to upload a malicious file to Ledger’s NPMJS package manager.
Upon discovering the hack, Ledger swiftly collaborated with WalletConnect to remove the compromised NPMJS and disable the malicious file. This quick response demonstrated the team’s efficiency in dealing with a critical security breach.
An Example of Collective Strength
Gauthier highlighted Ledger’s response to the hack as an example of the collective strength within the industry. He emphasized the incident’s demonstration of the DeFi community’s ability to effectively address security challenges and maintain integrity and trust in the ecosystem.
Gauthier reassured users that Ledger has internal processes in place to prevent unauthorized deployment of codes. Additionally, a multi-party review system and standard security protocols, such as revoking system access for departing employees, have been implemented.
Continuous Improvement in Security
Gauthier recognized the need for continuous improvement in security within the decentralized finance ecosystem. Ledger remains committed to implementing stronger security protocols, particularly in its build pipeline and NPM distribution channel.
In response to the hack, Ledger has released a new version (1.1.8) of their ConnectKit with enhanced security measures. Users are advised to upgrade immediately, and there is a 24-hour waiting period before the new version becomes fully operational to ensure all security protocols are implemented correctly.
The Attack on Ledger
Ledger fell victim to a hack that compromised the code used by various Web3 applications and services. Hackers released a malicious version of Ledger’s Connect Kit, replacing the genuine software. Ledger promptly responded and investigated the incident.
“The malicious version of the file was replaced with the genuine version at around 2:35 pm CET. The new genuine version should be propagated soon. We will provide a comprehensive report as soon as it’s ready. In the meantime, we’d like to remind the community to always Clear Sign your transactions – remember that the addresses and the information presented on your Ledger screen is the only genuine information.”
Hot Take: Rising Security Threats in the DeFi Space
The recent hack on Ledger highlights the growing security threats faced by companies operating in the decentralized finance (DeFi) space. It serves as a reminder that even the most advanced security measures can be bypassed by determined bad actors. However, Ledger’s quick response and collaboration with WalletConnect demonstrate the resilience of the DeFi industry and the effectiveness of collective efforts in addressing these challenges.
By
By
By
By