DApps Disable Front-End Interfaces Amid Ledger Security Breach; $484k in Digital Assets Lost
Summary:
In response to a security breach, decentralized applications (dApps) have temporarily disabled their front-end interfaces for Ledger Connect. Firms like OpenSea and Lido Finance have notified users to avoid connecting to other dApps using Ledger Connect. Early reports suggest the exploit led to a loss of over $484,000 in digital assets. The breach resulted from a phishing attack on a former Ledger employee. Tether has since frozen the offending account, and a genuine version of the Ledger Connect Kit is being distributed.
In response to today's security breach, several decentralized applications (dApps) have temporarily shut down their front-end interfaces for Ledger Connect. OpenSea, which deals in nonfungible tokens (NFTs), urged its users on December 14 to refrain from connecting to any dApps via Ledger Connect until further updates. Additionally, Lido Finance, a decentralized finance (DeFi) platform, declared that its "front-end portals had been disabled as a safety measure pending investigation of the Ledger Connect issue." Over the course of the day, the front-ends of Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash were compromised due to the Ledger Connect vulnerability.
Ledger has confirmed that the problem has been fixed, attributing it to a "corrupt version of the Ledger Connect Kit." According to Ledger, a "legitimate version is promptly being disseminated to replace the tainted file. Do not engage with any dApps at this time. We will continuously update you as circumstances develop."
According to early estimates, at least $484,000 in crypto assets were siphoned off in the attack. Tether, the company behind the USDT stablecoin, subsequently froze the attacker's account. Ledger developers are now automatically rolling out a "real version" of the Ledger Connect Kit and advise users to wait 24 hours before resuming its use.
The breach has been traced back to a phishing attack on a former Ledger employee, through which the attackers gained access to crucial data. "A formal complaint is being lodged and we are collaborating with legal authorities to apprehend the attacker," the developers stated. It took approximately two hours to stop the drain of funds and fix the problem.
Published At
12/14/2023 7:09:56 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.