Hardware Wallet Ledger Suffers HACK, Are You Safe?

December 14, 2023 1:40 pm Comments

Yet another crypto hack has rocked the crypto community this holiday season.

The exploit, which is affecting numerous DeFi platforms, was traced back to an issue in the Ledger library. More specifically, the Ledger Kit Connect code.

Roughly $480,000 in funds were lost during the exploit and numerous Ledger users are reporting losses due to the hack.

Earlier this year, Ledger faced an intense backlash for creating a recovery service that would centralize user keys in a database and provide a backdoor to the hardware wallets.

As of this time, the exploit in the code has reportedly been fixed, but we advise users not to do any transactions today as numerous DeFi platforms also seem to be affected.

One member of the crypto community offered some tips during this tough time:

“Dear Dogecoin and crypto users: the attacker involved in the Ledger Connect Kit hack has been able to drain funds across several L1 and L2 networks, including ETH, Fantom, Base, Arbitrum, BNB Chain, Polygon, Avalanche, Optimism.

It seems he started draining funds this morning and continued until about 1 hour ago. Tether (remember, they are a centralized stablecoin) froze his address.

Do not sign any transaction, and stay away from DApps for the time being.

Insidiously, http://Revoke.cash (an app to remove contract authorization) was also affected by the hack.

The hack does not affect on-chain Dogecoin, but I would avoid using Ledger Live, Metamask, or any other wallet for the next few hours

If you do need to use the wallet, always triple check the address shown in your hardware wallet’s screen is the correct one.”

Cryptoshark asked: “I don’t believe in coincidences; something isn’t right with Ledger. This is what? The 3rd or 4th major hack?”

Bitcoin Systemi sounded the alarm:

At this point, SUSHI CTO stated that investors should not interact with any dApp until further notice and announced that the platform was exposed to a security vulnerability caused by bad software.

SUSHI CTO Lilley also added that the suspicious code originated from the GitHub page of hardware wallet provider Ledger.

Sergito explained: “1. Don’t touch anything at all right now. NOTHING. 2. The issue is based off Ledger software but affects ANY WALLET that interacts with the malicious code. 3. If you haven’t done transactions overnight you are most likely safe. 4. Sit on your hands for now.”

Trustnodes provided this critical update:

“The ledger issue is now fixed,” Gupta said. “To make sure you don’t have the malicious library cached, go to Jsdelivr and ensure the version is 1.1.8.

If it’s not, clear your cache. chrome- F12> Chrome Developer Tools > Application tab > Storage in left tree> Clear site data.”

Join the conversation!

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.