Ledger CEO explains the hack, calling it a ‘unique incident’
Ledger CEO Pascal Gauthier addressed the hack of the wallet provider's JavaScript connector library in a Dec. 14 post on the company's blog. He described the hack as an “isolated incident” and promised strong security controls.
My personal commitment: Ledger provides as many internal and external resources as possible to help injured individuals recover their assets.
— Pascal Gauthier @Ledger (@_pgauthier) December 14, 2023
The exploit lasted less than two hours, was deactivated within 40 minutes of discovery, and was limited to third-party DApps, Gauthier said. It happened after a former employee fell victim to a phishing scam, he said. The identity of that employee is said to have been left behind in the hacked code. Ledger hardware and the Ledger Live platform are not affected. He added:
“The standard practice at Ledger is that no single person can deploy code without multiple parties reviewing it. When it comes to most parts of our development, we have strong access controls, internal reviews, and code multi-signatures. This is 99% of our internal systems. Any employee who leaves the organization has their access to every Ledger system canceled.”
Gauthier went on to call the hack a “tragic isolated incident.” Going forward, he promised:
“Ledger connects our build pipeline with strict software supply chain security to the NPM distribution center and implements strong security controls.”
This type of hack can happen to others, Gauthier added. Ledger Connect Kit 1.1.8 is secure and ready to use, he said. He thanked WalletConnect, Tether, Chainalysis and zachxbt for their help.
The amount stolen in the hack was initially estimated at $484,000, but Web3 security service Blockaid later told Cointelegraph that the sum had risen to $504,000 at 20:00 UT. The hack could affect any EVM user who interacts with the affected DApps, the company added.
Here is the list of DApps that can be affected by the @ledger hack! Never contact DEFI today! No application is secure if you use Ledger.
— Ran Neuner (@cryptomanran) December 14, 2023