Table of Contents
Several decentralized applications (DApps) have proactively taken measures in response to an exploit on December 14 by temporarily disabling their front-end user interfaces for Ledger Connect.
Notably, the nonfungible token (NFT) platform OpenSea issued advice, urging users to refrain from connecting to any DApps using Ledger Connect until further notice.
Simultaneously, the decentralized finance (DeFi) protocol Lido Finance opted to deactivate its front-ends as a precautionary measure while investigations into the Ledger Connect issue are underway.
On the same day, the front ends of well-known platforms such as Zapper, SushiSwap, Phantom, Balancer, and Revoke. cash faced compromises as part of the Ledger Connect exploits.
In response, Ledger, the company behind Ledger Connect, swiftly confirmed that the exploit had been successfully patched. The identified issue originated from a “malicious version of the Ledger Connect Kit.”
- Amid ongoing efforts to address the situation, users are strongly cautioned against interacting with any decentralized applications (dApps) at this time, as a genuine version is actively being deployed to replace the previously identified malicious file. Regular updates will be furnished to ensure users remain informed about the evolving developments.
Decentralized application Swift Responses to Recent Exploit: Depletion of $484,000 in Digital Assets
Preliminary reports suggest that the recent attack has led to the depletion of at least $484,000 in digital assets. In response to the incident, Tether, the issuer of the USDT stablecoin, promptly took action by freezing the exploiter’s address. Concurrently, Ledger developers are in the process of automatically propagating a “genuine version” of the Ledger Connect Kit.
FINAL TIMELINE AND UPDATE TO CUSTOMERS:
— Ledger (@Ledger) December 14, 2023
4:49pm CET:
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline of what we know about…
Decentralized application,Despite this ongoing effort, users are cautioned to exercise prudence and wait for 24 hours before resuming the use of the kit.
The exploit’s origin has been traced back to a phishing attack targeting a former Ledger employee, providing unauthorized access to sensitive information. Decentralized application In light of this, developers are actively engaged in legal proceedings and collaboration with law enforcement to investigate and apprehend the attacker. It’s noteworthy that there was an approximate two-hour gap between the depletion of funds and the deployment of a fix, underscoring the urgency and swiftness required in responding to such incidents.
For any queries and suggestions contact us here.
