Ledger attack shows the company has ‘learned nothing’ after multiple breaches: ENS developer
Members of the crypto community have responded to the Ledger Connect Kit exploit that affected several decentralized applications (DApps) in the Web3 space.
On December 14, a hacker attacked the front ends of several DApps that use Ledger's Connect Kit. The exploiter breached major apps like SushiSwap, Phantom and Revoke.cash and stole at least $484,000 in digital assets.
Ledger announced that it had fixed the problem three hours after the first reports of the attack. The company's CEO, Pascal Gauthier, said that the incident was isolated and that Ledger was working with law enforcement agencies to find the hacker and “bring the hacker to justice.”
While Ledger said it was an isolated incident, Linea, a Consensys zero-knowledge rollup, warned Web3 users that the vulnerability could affect the entire Ethereum Virtual Machine (EVM) ecosystem.
A day after the incident, community members took to Twitter to express their feelings about it. Some suggested using other wallet platforms, while others called for Ledger to open everything up.
Ledger security explained pic.twitter.com/6hTeXYVWco
— Crypto PM (@CryptoPM_) December 15, 2023
On December 15, Bitcoin (BTC) advocate Brad Mills told his X followers to use Bitcoin-only hardware developed by Bitcoin engineers focused on protecting BTC. Mills urged community members not to onboard their peers to BTC with hardware wallets like Ledger or Trezor.
In 2020, another Ledger incident led to the release of user information such as mailing addresses, phone numbers, and email addresses. Citing previous Ledger breaches, Nick Johnson, a developer of the Ethereum Name Service (ENS), said in a post that no one should recommend Ledger's hardware or use its libraries.
Ok, clearly @Ledger has learned nothing about opsec from multiple breaches. At this point I don't think anyone in good conscience should be recommending the hardware or using the library.
— nick.eth (@nicksdjohnson) December 15, 2023
According to Johnson, Ledger has shown a consistent disregard for operational security and does not deserve the “benefit of the doubt that they will improve”.
Meanwhile, crypto trader and analyst Krillin spent a day criticizing Ledger and removing negative comments under his X posts.
In the December 14 hack, the attacker used phishing to gain access to the computer of a former Ledger employee. The employee's Node Package Manager (NPM) JavaScript account was then accessed, leading to the breach.
After the hack, a community member advised Ledger to “open everything up” and let the community be their “surgeon.” The company announced on May 24 that it had opened up many of its applications and was committed to opening up more code.
Community members say transparency is not a luxury, but a lifeline. Once trust is lost, it seeks open veins, not veiled promises.