Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the jetpack domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/feedavenue.com/public_html/wp-includes/functions.php on line 6114
Ledger breach possibly affecting whole EVM ecosystem — Linea - Feedavenue
Sunday, December 22, 2024
HomeBusinessCryptocurrencyLedger breach possibly affecting whole EVM ecosystem — Linea

Ledger breach possibly affecting whole EVM ecosystem — Linea

Date:

Related stories

spot_imgspot_img



The attack on Ledger’s connector library may be impacting the whole Ethereum Virtual Machine (EVM) ecosystem, according to the Linea team, a zero-knowledge rollup by Consensys. 

The hacker targeted the Ledger connector library, which was designed to enable communication between Ledger hardware wallets and various decentralized applications (DApps). Wallet provider MetaMask has also been affected by the security incident.

According to a post on X (formerly Twitter), MetaMask deployed an update to fix the issue, saying users on the latest version v2.121.0 would automatically be updated and should be able “to transact again.” Users of previous versions should “refresh your site data.”

Other affected protocols include Zapper, SushiSwap, Phantom, Balancer and Revoke.cash. Blockchain security firm Certik told Cointelegraph that any DApp importing the ledger CDN will automatically execute the drainer code, prompting victims to connect via any wallet they support.

Ledger is a popular hardware wallet used by many in the crypto community. Its connector library is a critical component that interfaces between the Ledger hardware and various DApps. This library could affect a large number of EVM users and transactions if compromised.

The attack was initiated after a former Ledger employee was phished and their NPMJS account was compromised. “The attacker published a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7). The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet,” the company wrote on X.

A fix was released nearly 40 minutes after the issue was discovered by Ledger. The company is warning users to wait 24 hours before using its Ledger Connect Kit again.

Blockchain analytics platform Lookonchain claimed the hacker has stolen assets worth nearly $484,000, but the impact of the security breach could be bigger, noted Ledger. 

 Magazine: 2 years after John McAfee’s death, widow Janice is broke and needs answers