The team behind Ledger confirmed a vulnerability observed on December 14th. The problem was linked to the Ledger library. In its official statement, the team said that a malicious version of the Ledger Connect Kit had been identified and removed. Approximately US$610 may have been drained during the attack.
“A genuine version is being uploaded to replace the malicious file now. Do not interact with any dApps at this time. We will keep you informed as the situation evolves. Your Ledger device and Ledger Live have not been compromised.”
In an update to its statement, the Ledger team said that the malicious version of the file was replaced by the original version at around 14:35 CET.
“The new genuine version should be propagated soon. We will provide a comprehensive report as soon as it is ready. In the meantime, we would like to remind the community to always sign your transactions clearly – remember that the addresses and information displayed on your Ledger screen are the only genuine information. If there is a difference between the screen shown on your Ledger device and the screen on your computer/phone, stop the transaction immediately,” the team warned.
🚨We have identified and removed a malicious version of the Ledger Connect Kit. 🚨
A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.
Your Ledger device and…
- Ledger (@Ledger) December 14, 2023
Ledger Wallet Security Alert: Vulnerability Affects DeFi Platforms
Matthew Lilley, the CTO of decentralized exchange SushiSwap, made a critical announcement warning investors about a serious security vulnerability. According to Lilley, users should avoid interacting with any dApp until further notice. This guidance came after it was recognized that the SushiSwap platform was under threat from malicious software.
The source of the problem, as explained by Lilley, is linked to hardware wallet provider Ledger's GitHub. He emphasized the seriousness of the situation, stating:
“Do not interact with ANY dApps until further notice. A widely used web3 connector appears to have been compromised, allowing the injection of malicious code affecting a large number of dApps.”
This statement pointed to a large-scale attack, not on a single dApp but on several, all linked to the Ledger library.