Ledger has since said that the exploit was the result of a phishing attempt against a former worker.
In response to an exploit on December 14, more decentralized applications (DApps) have momentarily stopped using their front-end user interface for Ledger Connect.
Users are advised to “not connect to any dApps using Ledger Connect until further notice,” according to OpenSea, the developers of the nonfungible token (NFT) platform. This was stated on December 14.
As a precautionary measure while the Ledger connect issue is being looked into, the decentralized finance (DeFi) protocol Lido Finance announced that its “front-ends have been switched off.”
The Ledger Connect exploit earlier in the day compromised the front ends of Zapper, SushiSwap, Phantom, Balancer, and Revoke. Cash. Since then, Ledger has announced that the exploit has been fixed and that a “malicious version of the Ledger Connect Kit” is to blame for the problem.
“A legitimate version is now being pushed to replace the malicious file.” For the time being, avoid interacting with any dApps. We will keep you updated as the situation progresses.”
preliminary reports, the attack has taken away digital assets worth at least $484,000. Since then, the exploiter’s address has been frozen by Tether, the company that created the Tether USDT $1.00 stablecoin. Developers of Ledger claim that the Ledger Connect Kit is “being propagated now automatically” and that it is a “genuine version.” Nevertheless, it is advised that users wait a full day before using the kit once more.
The exploit, which gives hackers access to private data, has been linked to a phishing attempt against a former employee of Ledger. Developers wrote, “We are working with law enforcement on the investigation to find the attacker and have filed a complaint.” The time between the funds being depleted and the deployment of a fix was estimated to be two hours.
Conclusion
The pausing of Ledger Connect by several dApps is a serious issue that should not be taken lightly. While the exact nature of the exploit is still unknown, it is clear that users need to be vigilant and take steps to protect their digital assets. Ledger is working on a fix, and users should update their software as soon as it becomes available. In the meantime, it is advisable to disconnect Ledger wallets from dApps and avoid clicking on any suspicious links or downloading unauthorized software.
