Although Ledger has fixed the bug, users should remain cautious when interacting with decentralized applications. According to an expert, more than $600,000 was stolen.
A bug at crypto company Ledger left users in a cold sweat this Thursday afternoon. Discovered by blockchain experts, it was based on the Ledger Connect Kit, a feature that allows users to connect their crypto wallet to decentralized applications. We remind you that decentralized finance (DeFi) is an open financial system accessible to any user that enables some traditional financial operations such as loans.
At 2:30 p.m., Ledger he remarked after “removing the malicious version” of the Ledger Connect Kit and replacing it with the genuine version. The company warned of fraud risks related to the bug. However, the damage seems to have already been done. According to renowned blockchain investigator ZachXBT, more than $610,000 has already been stolen due to this code flaw.
Rift for 5 hours
In a post at 4:49 p.m., Ledger gave Instructions during an attack, it is recommended not to connect to Ledger Connect for 24 hours. In the morning, a former Ledger employee fell victim to a phishing attack that allowed the attacker to release a malicious version of the Ledger Connect Kit.
“Ledger’s technology and security teams were notified and a fix was deployed within 40 minutes of Ledger becoming aware. The malicious file remained active for approximately 5 hours, but we believe that the period during which resources were exhausted was limited to less than two clock.” hours,” Ledger said.
Asked about the implications of this error, Ledger did not respond to our request.
Be careful
The company warned that users’ crypto wallets (Ledger) and Ledger Live (a web interface that allows many operations) were not compromised. Despite the Ledger update, users are advised to remain very cautious in their decentralized finance (DeFi) interactions.
Ledger, founded in 2014, specializes in designing so-called “non-custodial” cryptowallets that allow users to be masters of their private keys (for cryptocurrencies) as opposed to “custodial” wallets (often offered by security platforms). centralized exchanges such as Binance and Coinbase). Ledger claims to have sold a total of 6.5 million crypto wallets and serves 100 corporate clients. It ensures that 20% of all cryptocurrency assets and 30% of NFTs worldwide are secured.