Ledger, one of the largest and most popular hardware wallet producers in the cryptocurrency industry has identified a malicious version of the Ledger Connect Kit. Dozens of Web3 and decentralised applications (dApps) have been compromised. Additionally, around $480k has been drained from users. The malicious version of the Ledger Connect Kit has been removed according to Ledger.
Ledger Identifies Malicious Version of Ledger Connect Kit
Ledger Wallet connection has been compromised according to Ledger. Users that connect to websites, Web3 applications or dApps could be exposed to a malicious version of the Ledger Connect Kit. Those users who get connected to this type of service could be affected and the funds on their wallets stolen.
As per the recent report released by Ledger on the X platform, the malicious version of the file was replaced with the genuine version at 2:35 pm CET. However, this version should be propagated and Web3 applications have to update it as soon as possible.
🚨We have identified and removed a malicious version of the Ledger Connect Kit. 🚨
A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.
Your Ledger device and…
— Ledger (@Ledger) December 14, 2023
Ledger has presented a warning for users who interact with dApps and other platforms:
“In the meantime, we’d like to remind the community to always Clear Sign your transactions – remember that the addresses and the information presented on your Ledger screen is the only genuine information.”
In addition, Paolo Ardoino, the CEO of Tether, announced that the Ledger exploiter address has been frozen.
It is worth taking into consideration that the current situation does not only affect Web3 applications but it harms the whole crypto community. This hack will allow malicious actors to start phishing campaigns or impersonate Ledger representatives and attack users in vulnerable situations or that could have been affected.
Ledger reminds people and the community to never share the 24-word Secret Recover phrase with anyone. Those who ask for the 24-word Secret Recover Phrase are criminals. Users who want to know how to Clear Sign transactions can read the following guide created by Ledger: https://www.ledger.com/blog/clear-sign-your-worries-away
Via: 2Usethebitcoin.com
