Ledger breach possibly affecting whole EVM ecosystem — Linea

4



The attack on Ledger’s connector library may be impacting the whole Ethereum Virtual Machine (EVM) ecosystem, according to the Linea team, a zero-knowledge rollup by Consensys. 

The hacker targeted the Ledger connector library, which was designed to enable communication between Ledger hardware wallets and various decentralized applications (DApps). Wallet provider MetaMask has also been affected by the security incident.

According to a post on X (formerly Twitter), MetaMask deployed an update to fix the issue, saying users on the latest version v2.121.0 would automatically be updated and should be able “to transact again.” Users of previous versions should “refresh your site data.”

Other affected protocols include Zapper, SushiSwap, Phantom, Balancer and Revoke.cash. Blockchain security firm Certik told Cointelegraph that any DApp importing the ledger CDN will automatically execute the drainer code, prompting victims to connect via any wallet they support.

Ledger is a popular hardware wallet used by many in the crypto community. Its connector library is a critical component that interfaces between the Ledger hardware and various DApps. This library could affect many EVM users and transactions if compromised.

The attack was initiated after a former Ledger employee was phished and their NPMJS account was compromised. “The attacker published a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7). The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet,” the company wrote on X.

A fix was released nearly 40 minutes after Ledger discovered the issue. The company is warning users to wait 24 hours before using its Ledger Connect Kit again.

Blockchain analytics platform Lookonchain claimed the hacker had stolen assets worth nearly $484,000, but the impact of the security breach could be bigger, noted Ledger. 

 Magazine: 2 years after John McAfee’s death, widow Janice is broke and needs answers