A registry breach could potentially affect the entire EVM ecosystem – Linea

A registry breach could potentially affect the entire EVM ecosystem - Linea



An attack on the Ledger Connector library may be affecting the entire Ethereum Virtual Machine (EVM) ecosystem, according to the Linea team at Consensys zero knowledge aggregation.

The hacker targeted the Ledger connector library, which is designed to create connections between Ledger hardware wallets and various decentralized applications (DApps). Wallet provider MetaMask has been affected by the security incident.

According to a post on X (formerly Twitter), MetaMask has rolled out an update to fix the issue on its MetaMask portfolio. “Please make sure the Blockaid feature is turned on in the MetaMask Extension before making any transactions on the MetaMask portfolio,” the company warned on X.

Other affected protocols include Zapper, SushiSwap, Phantom, Balasser, and Revoke.cash. Blockchain security firm Sertic told Cointelegraph that any DApp that imports a CDN will automatically execute a decryption code that allows victims to connect to wallets they support.

bybit

Ledger is a popular hardware wallet used by many in the crypto community. Its connector library is a critical component that connects between Ledger hardware and various DApps. If this library gets corrupted, it can affect many EVM users and transactions.

The attack started after a former Ledger employee was phished and their NPMJS account compromised. “The attacker published a malicious version of the Ledger Connect Kit (versions 1.1.5, 1.1.6 and 1.1.7 affected). The malicious code used the rogue WalletConnect project to transfer funds to the hacker's wallet,” the company wrote. X.

A correction was released 40 minutes after the Ledger became aware of the issue. The company is warning users to wait 24 hours before using the Ledger Connect Kit again.

Blockchain analytics platform Lookonchain said the hacker stole about $484,000 in assets, but the impact of the security breach could be even greater, Leder said.

Magazine: 2 years after John McAfee's death, widow Janice is broken and needs answers.

Leave a Reply

Pin It on Pinterest