Ledger has since attributed the exploit to a phishing attack on a former employee.
939 Total views 14 Total shares Listen to article More decentralized applications (DApps) have temporarily disabled their front-end user interface for Ledger Connect amid an exploit on Dec. 14. Developers of the nonfungible token (NFT) platform OpenSea said on Dec. 14 that users should “not connect to any dApps using Ledger Connect until further notice.” Meanwhile, the decentralized finance (DeFi) protocol Lido Finance stated its “front-ends have been switched off as a precautionary measure whilst the Ledger connect issue is being investigated.” Earlier in the day, the front ends of Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were compromised as part of the Ledger Connect exploit. Ledger has since stated that the exploit has been patched, with the issue stemming from a “malicious version of the Ledger Connect Kit.”
FINAL TIMELINE AND UPDATE TO CUSTOMERS:
4:49pm CET:
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline of what we know about…
— Ledger (@Ledger) December 14, 2023