Ledger Pushes Update as Wallet Users Targeted in Sophisticated Attack
- Ledger ConnectKit exposes popular dApps to wallet-draining attacks.
- Popular dApps, including SushiSwap and Zapper, were confirmed to be affected.
- Ledger has released a minor update to eliminate the malicious code.
Users of the renowned crypto self-custody solution Ledger have become the latest targets for a well-planned attack targeting their crypto funds. Specifically, an attacker has compromised Ledger ConnectKit, a popular software library that decentralized applications (dApps) use to connect with Ledger hardware wallets.
This vulnerability was disclosed by blockchain security tracking firm Blockaid in a recent tweet. Blockaid characterized it as a supply chain attack as the hacker poisoned the library’s source, affecting applications relying on it.
Specifically, the attacker injected malicious wallet-draining payload code into the library to drain crypto assets stored in Ledger devices connected to dApps using the compromised ConnectKit.
We've detected a potential supply chain attack on ledgerconnect kit
The attacker injected a wallet draining payload into the popular NPM package.
This currently affects a couple of popular dapps including but not …
The post Ledger Pushes Update as Wallet Users Targeted in Sophisticated Attack appeared first on Coin Edition.
Read More
Ledger Pushes Update as Wallet Users Targeted in Sophisticated Attack
- Ledger ConnectKit exposes popular dApps to wallet-draining attacks.
- Popular dApps, including SushiSwap and Zapper, were confirmed to be affected.
- Ledger has released a minor update to eliminate the malicious code.
Users of the renowned crypto self-custody solution Ledger have become the latest targets for a well-planned attack targeting their crypto funds. Specifically, an attacker has compromised Ledger ConnectKit, a popular software library that decentralized applications (dApps) use to connect with Ledger hardware wallets.
This vulnerability was disclosed by blockchain security tracking firm Blockaid in a recent tweet. Blockaid characterized it as a supply chain attack as the hacker poisoned the library’s source, affecting applications relying on it.
Specifically, the attacker injected malicious wallet-draining payload code into the library to drain crypto assets stored in Ledger devices connected to dApps using the compromised ConnectKit.
The attacker injected a wallet draining payload into the popular NPM package.
This currently affects a couple of popular dapps including but not …
The post Ledger Pushes Update as Wallet Users Targeted in Sophisticated Attack appeared first on Coin Edition.
Read More