Hardware Wallet Provider Ledger Faces Hack Attack!
- Posted on December 14, 2023 7:14 PM
- Cryptocurrency Exchanges News
- 193 Views
Cold wallet manufacturer Ledger has issued a statement regarding a hack attack that occurred today. Following a warning from Sushi CTO, the company stated that the malicious code had been removed from the Ledger Connect application, and new code had been added.
In the statement, it was emphasized that Ledger wallets and the Ledger Live application were not affected by the attack. The statement read: 'We have detected the malicious code and removed it from the Ledger Connect application. New code has been placed in the malicious file. Do not enter any decentralized applications for now. We will continue to provide information as developments unfold. Ledger wallets and the Ledger Live application have not been harmed in this incident.'
Ledger also tweeted a reminder that they only have two social media accounts and urged caution against phishing attacks.
According to Matthew Lilley's statements, Ledger's GitHub page experienced issues, and the malicious code spread from there. This situation led to the withdrawal of cryptocurrencies in dApps connected to Ledger Connect.
Technical investigations indicate that the attacker left a personal email address in the code section. The email address points to a person named Junichi Sugiura as the possible culprit. However, there is also the possibility that this email address belongs to someone else. Additionally, Tether, the issuer of USDT, the largest stablecoin company, reportedly froze the hacker's address. Tether CEO Paolo Ardoino stated that there were no issues reported from other exchanges.
In an official tweet from the Ledger X/Twitter account, the company stated:
'We have identified and removed a malicious version of the Ledger Connect Kit. A new original version is now being released to replace the malicious file. Do not interact with any dApp for now. We will inform you as the situation develops. The security of your Ledger device and Ledger Live has not been compromised.
The malicious version of the file was replaced with the original version around 14:35 (GMT). The new original version should be spread shortly. We will provide a comprehensive report as soon as it is ready.
Meanwhile, we would like to remind the community to always conduct their transactions with Clear Sign; remember that the information displayed on your Ledger screen is the only true information. If there is a discrepancy between the screen on your Ledger device and your computer/phone screen, immediately halt the transaction.
Please be cautious against ongoing phishing and scams.'
🚨We have identified and removed a malicious version of the Ledger Connect Kit. 🚨
— Ledger (@Ledger) December 14, 2023
A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.
Your Ledger device and…