Ledger Library Exploit Alert: Users Warned Against Interacting With Dapp Front Ends Amid Wallet Drainer Risk
Publikováno: 14.12.2023
According to several reports, there’s been an alleged Ledger Connectkit Library exploit and people are being warned not to interact with decentralized application (dapp) front ends. Reportedly, the library that maintained several dapps now contains a wallet drainer. Ledger Library Breach: Experts Advise Halting Dapp Usage to Dodge Wallet Drainer A myriad of reports detail […]
According to several reports, there’s been an alleged Ledger Connectkit Library exploit and people are being warned not to interact with decentralized application (dapp) front ends. Reportedly, the library that maintained several dapps now contains a wallet drainer.
Ledger Library Breach: Experts Advise Halting Dapp Usage to Dodge Wallet Drainer
A myriad of reports detail that there’s an issue with the Ledger Library as an exploit was noticed. The X user called “Banteg” explained that, “[Ledger Library] confirmed compromised and replaced with a drainer” and stressed that people should “wait out interacting with any dapps till things become clearer.”
Blockchain developer Hudson Jameson detailed that Ledger’s Library, used in numerous dapps, has been compromised, leading to the insertion of a wallet drainer. Jameson advised people to refrain from interacting with dapp front ends on websites, as the situation remains risky, especially for those unaware of the specific backend libraries in use. He added that while visiting compromised websites won’t automatically result in fund loss, deceptive browser wallet prompts could enable unauthorized asset transfers to malicious entities.
Jameson further added that Ledger is aware of the issue and actively working on a resolution. Note that safety will only be restored after affected dapps update their use of Ledger’s Web3 libraries, even post-correction by Ledger. A large swathe of other developers and crypto enthusiasts shared warnings on the social media platform X.
“I would avoid using ANY dapps until their teams confirm that they have mitigated the attack,” one individual wrote. Revokecash, Zapper, Tapswap, Sushi, and other dapps are reportedly vulnerable to the bug, and users are being advised to avoid using these applications.
This story is still developing and will be updated with more information as it transpires.
What do you think about the issue with the Ledger Library? Share your thoughts and opinions about this subject in the comments section below.