Ledger hardware wallet scam alert: caution urged over the Ledger Connect Kit.

Scam alert: hardware wallet maker Ledger has recently identified and removed a malicious version of the Ledger Connect Kit. Users are advised not to interact with any dApp for the time being.

Ledger on X: “🚨We have identified and removed a malicious version of the Ledger Connect Kit. 🚨 A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves. Your Ledger device and…” / X (twitter.com)

Ledger also says that a genuine version is currently being distributed to replace the malicious file, and that it will provide updates as the situation evolves.

Finally, Ledger specifies that the Ledger device and Ledger Live have not been compromised. Let's see all the details below.

Ledger hardware wallet detects and removes a scam on the Ledger Connect Kit

As mentioned above, a serious security issue emerged today in the Web3 ecosystem, and it appears to involve several decentralized applications (dApps).

The incident is connected to a software library provided by Ledger, the well-known hardware wallet provider, on which many dApps were built.

The incident allowed malicious code to be injected into various dApp front-ends, posing a significant threat to users and their assets. As a result, the front-ends of several dApps may be unsafe to use.

Some projects, such as Kyber and RevokeCash, have already confirmed that they have disabled their front-ends in response to this situation.

The security company Blockaid has described the incident as an “attack on the supply chain” targeting the Ledger Connect Kit, in which a malicious actor replaced the library's code with malicious code in order to steal funds.

According to Sushi’s chief technology officer, Matthew Lilley, the problem is suspected to stem from the compromise of a content delivery network (CDN) hosting the software library involved.

Blockaid estimates that approximately 150,000 dollars were lost in the first two hours after the incident, and that the value of the stolen funds subsequently rose to over half a million dollars.

A software patch has been developed and included in an update, but dApps may need to adopt it before security conditions are fully restored. 

In a statement, Ledger said:

“We have identified and removed a malicious version of the Ledger Connect Kit. An authentic version has been distributed to replace the malicious file.”

Meanwhile, as noted above, Matthew Lilley and other experts have advised users to avoid interacting with any dApp until further notice.

The integration of Toncoin (TON) into the Ledger hardware wallet

Ledger announced today its support for Toncoin (TON), integrating the token into the hardware wallet ecosystem. TON is currently up 3.80% over the last 24 hours.

Carl Anderson, VP of Engineering at Ledger, highlighted the alignment of values between The Open Network and Ledger, emphasizing the right to privacy and the commitment to ensuring financial freedom for all.

Along with the announcement, Ledger is launching a holiday promotion that offers a 20% discount on all hardware wallets until December 23rd. An opportunity not to be missed for those who want to protect their crypto assets with maximum security.

Meanwhile, TON has recently achieved success, ranking among the top 20 cryptocurrencies. Since Telegram announced its support in September, TON has seen steady growth in users and daily transaction volume.

During 2023, the total number of TON users increased by 122%, going from 1.8 million to 4.0 million.

The average volume of daily transactions now exceeds 1 million, highlighting the growing interest in the network.

In addition, the Dubai International Financial Centre (DIFC) has officially recognized TON as a cryptocurrency within its jurisdiction, increasing institutional attention on the network.