Crypto Firm Ledger Warns Users of Critical Security Vulnerability
Crypto company Ledger is advising users to temporarily stop using their hardware wallets with decentralized applications (DApps) due to a significant exploit.
In a recent thread on the social media platform X, Ledger announced that it had discovered and replaced a malicious version of its connect kit. The connect kit is a piece of code that allows hardware wallets to connect with DApps.
The company clarified that users should avoid interacting with any DApps for the time being. However, it reassured users that their Ledger devices and Ledger Live were not compromised.
How the Exploit Was Discovered
Ledger uncovered the exploit when a former employee fell victim to a phishing scam and lost access to their NPMJS account, a website used by developers to create code and applications.
The perpetrator uploaded a malicious version of Ledger’s connect kit, which would redirect funds from users to the hacker’s wallet. Fortunately, Ledger was able to address this issue within five hours of its discovery.
Once the exploiter’s address was reported, stablecoin issuer Tether froze the hacker’s stash of USDT.
Hacker Steals $484,000 Worth of Digital Assets
According to blockchain tracking platform Lookonchain, the hacker managed to steal approximately $484,000 worth of digital assets from Ledger.
Hot Take: Protecting Your Crypto Assets
It is crucial for crypto users to remain vigilant and take necessary precautions to protect their assets. In this case, Ledger swiftly identified and addressed the security vulnerability. However, incidents like these serve as a reminder that even reputable companies can face threats in the crypto space. To enhance your security measures, always stay informed about the latest security practices and be cautious of potential phishing attempts or suspicious activities. By taking these steps, you can safeguard your crypto assets and minimize the risk of falling victim to exploits.