July 16, 2024
MetaMask and Beyond: Ripple Effect of Ledger's Connector Library Attack
Latest Cryptocurrency News

Crypto Security Alert: Ledger’s Connector Library Breach Raises Ethereum Ecosystem Concerns

The Linea team, known for their zero-knowledge rollup by Consensys, has raised concerns about the recent attack on Ledger’s connector library, suggesting that it might have broader implications for the Ethereum Virtual Machine (EVM) ecosystem. The perpetrator specifically targeted Ledger’s connector library, created to facilitate communication between Ledger hardware wallets and various decentralized applications (DApps).

This incident has also affected MetaMask, a prominent wallet provider in the crypto space. MetaMask promptly addressed the issue with an update on its MetaMask Portfolio, advising users to activate the Blockaid feature within the MetaMask Extension before engaging in any transactions.

Several other protocols, such as Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, have also been impacted by this security breach. CertiK, a blockchain security firm, highlighted that any DApp importing the ledger CDN would automatically execute the drainer code, urging affected users to connect via any supported wallet.

Ledger, a widely used hardware wallet in the crypto community, saw its connector library compromised. This component plays a crucial role in interfacing Ledger hardware with various DApps, potentially affecting a substantial number of EVM users and transactions if compromised.

The attack originated from a former Ledger employee whose NPMJS account was compromised through a phishing attack. Ledger disclosed that the attacker published a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7). The malicious code used a rogue WalletConnect project to reroute funds to a hacker’s wallet.

Ledger promptly released a fix within 40 minutes of discovering the issue but cautioned users to wait 24 hours before utilizing the Ledger Connect Kit again. While Lookonchain estimated that the hacker absconded with assets valued at around $484,000, Ledger warned that the overall impact of this breach might be more significant.

Image by freepik

Disclosure Statement: Miami Crypto does not take any external funding, or support to bring crypto news to the readers. We do not have any conflicts of interest while writing news stories on Miami Crypto.

Related posts

MoonPay Integrates PayPal: Expanding Crypto Options

Cheryl  Lee

$71 Million Stolen Cryptocurrency Returned in a Surprising Twist

Anna Garcia

FTX Bankruptcy Update: Claim Moves to FTXcreditor

Anna Garcia

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Please enter CoinGecko Free Api Key to get this plugin works.