Skip to main content

Ledger Library Exploit Alert: Users Warned Against Interacting With Dapp Front Ends Amid Wallet Drainer Risk

Ledger Library Exploit Alert: Users Warned Against Interacting With Dapp Front Ends Amid Wallet Drainer Risk

According to several reports, there’s been an alleged Ledger Connectkit Library exploit and people are being warned not to interact with decentralized application (dapp) front ends. Reportedly, the library that maintained several dapps now contains a wallet drainer.

*Editor’s Note: The end of this article was updated at 9:02 a.m. (EST) on Dec. 14, 2023, with a message from Ledger noting that the malicious file in the library was replaced and will be propagated.

Ledger Library Breach: Experts Advise Halting Dapp Usage to Dodge Wallet Drainer

A myriad of reports detail that there’s an issue with the Ledger Library as an exploit was noticed. The X user called “Banteg” explained that, “[Ledger Library] confirmed compromised and replaced with a drainer” and stressed that people should “wait out interacting with any dapps till things become clearer.”

Blockchain developer Hudson Jameson detailed that Ledger’s Library, used in numerous dapps, has been compromised, leading to the insertion of a wallet drainer. Jameson advised people to refrain from interacting with dapp front ends on websites, as the situation remains risky, especially for those unaware of the specific backend libraries in use. He added that while visiting compromised websites won’t automatically result in fund loss, deceptive browser wallet prompts could enable unauthorized asset transfers to malicious entities.

Jameson further added that Ledger is aware of the issue and actively working on a resolution. Note that safety will only be restored after affected dapps update their use of Ledger’s Web3 libraries, even post-correction by Ledger. A large swathe of other developers and crypto enthusiasts shared warnings on the social media platform X.

“I would avoid using ANY dapps until their teams confirm that they have mitigated the attack,” one individual stated. Revokecash, Zapper, Sushi, and other dapps are reportedly vulnerable to the bug, and users are being advised to avoid using these applications.

*Ledger has officially confirmed the issue. “We have identified and removed a malicious version of the Ledger Connectkit. A genuine version is being pushed to replace the malicious file now,” Ledger wrote at 8:31 a.m. (EST). “Do not interact with any dapps for the moment. We will keep you informed as the situation evolves. Your Ledger device and Ledger Live were not compromised.

“The malicious version of the file was replaced with the genuine version at around 2:35 p.m. CET. The new genuine version should be propagated soon,” Ledger added in a subsequent tweet. “We will provide a comprehensive report as soon as it’s ready. In the meantime, we’d like to remind the community to always Clear Sign your transactions – remember that the addresses and the information presented on your Ledger screen is the only genuine information. If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.”

This story is still developing and will be updated with more information as it transpires.

What do you think about the issue with the Ledger Library? Share your thoughts and opinions about this subject in the comments section below.



from Bitcoin News https://ift.tt/Jc7kF4T
Labels:

Comments

Post a Comment

Popular posts from this blog

Mt Gox Creditors Updated, Trustee Says Rehabilitation Custodian Is ‘Currently Preparing to Make Repayments’

On August 31, 2022, the Mt Gox trustee Nobuaki Kobayashi explained in a recent letter that the rehabilitation custodian is “currently preparing to make repayments” to Mt Gox creditors. Trustee Updates Mt Gox Creditors — Repayment Date and Exchange Still Unknown Last week speculation and rumors concerning the release of 140K bitcoin ( BTC ) from Mt Gox littered social media platforms and headlines. Bitcoin.com News covered the situation six days ago as a number of people and Mt Gox creditors called the rumors “ fake news .” During that same period of time, a bitcoin whale transferred 10,000 BTC to unknown wallets, and a 2018 annotation , heuristics, and clustering methods show the funds likely originated from the June 2011 Mt Gox hacks. Following the mysterious whale transfer, last Wednesday, Mt Gox published an official update from the court trustee Nobuaki Kobayashi that explains the court is “currently preparing to make repayments” to creditors. Mt Gox creditors have been wait...
Post a Comment
Read more

International Crypto Exchange Luno Adds Bitcoin Cash Trading

Luno exchange has added bitcoin cash trading to the platform following feedback from its client base. BCH is now only the third cryptocurrency available for trading on the exchange, in addition to BTC and ETH , but more options could be on the way once Luno determines that they are credible enough. Also Read: Bitflyer Adds Bitcoin Cash Trading Across Europe and the US Luno Adds Bitcoin Cash Trading Luno, the London-headquartered company formerly known as Bitx, recently announced that bitcoin cash was made available on its cryptocurrency exchange. Starting from Monday, September 23, customers at Luno are now able to store, buy and sell BCH on the platform. The reason given for adding BCH to the exchange is feedback from users in developing markets that convinced Luno to expand their offering from previously just BTC and ETH . Marcus Swanepoel, CEO of Luno, said , “We are in a new and exciting financial era. Developing economies are leading the large-scale adoption and appli...
Post a Comment
Read more

DefiDollar Listing on AscendEX

PRESS RELEASE. AscendEX, formerly BitMax, an industry-leading digital asset trading platform built by Wall Street quant trading veterans, has announced the listing of the DefiDollar Token (DFD) under the pair USDT/DFD on Apr 29 at 1:00 p.m. UTC. DefiDollar is a DeFi lab that aims to bring mass adoption to DeFi with a wide-ranging product suite. The first product offering to go live will be the stablecoin index – DUSD, with ibBTC and optionCoin currently in development. DefiDollar (DUSD) aspires to be a risk-insured stablecoin layer for DeFi. It is designed to provide a safe and stable way for users to hold their assets with DUSD being optimized for peg safety, yield, and diversification. DefiDollar uses DeFi primitives to stay close to the dollar mark. DUSD provides an avenue for diversifying stablecoin holdings to hedge against an event where the underlying stablecoins like Tether or DAI deviate from their peg. DUSD is collateralized by Curve Finance LP tokens. DFD is the n...
Post a Comment
Read more