{"id":26627,"date":"2023-12-14T17:31:34","date_gmt":"2023-12-14T17:31:34","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/ledger-breach-possibly-affecting-whole-evm-ecosystem-linea\/"},"modified":"2023-12-14T17:31:36","modified_gmt":"2023-12-14T17:31:36","slug":"ledger-breach-possibly-affecting-whole-evm-ecosystem-linea","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/ledger-breach-possibly-affecting-whole-evm-ecosystem-linea\/","title":{"rendered":"Ledger breach possibly affecting whole EVM ecosystem \u2014 Linea"},"content":{"rendered":"

<\/p>\n

\n

The attack on Ledger\u2019s connector library may be impacting the whole Ethereum Virtual Machine (EVM) ecosystem, according<\/a> to the Linea team, a zero-knowledge rollup by Consensys.<\/p>\n

The hacker targeted the Ledger connector library, which was designed to enable communication between Ledger hardware wallets and various decentralized applications (DApps). Wallet provider MetaMask has also been affected by the security incident. <\/p>\n

\n

To all web3 users,
It looks like this vulnerability is affecting multiple dapps across the whole EVM ecosystem. It is very risky to interact with any dapps until the issue is properly addressed.<\/p>\n

Stay safe out there! https:\/\/t.co\/kFykLW4lWm<\/p>\n

\u2014 Linea (@LineaBuild) December 14, 2023<\/a><\/p><\/blockquote>\n

According to a post on X (Twitter), MetaMask deployed an update to fix the issue on its MetaMask Portfolio. \u201cPlease ensure that you have the Blockaid feature turned on in MetaMask Extension before performing any transactions on MetaMask Portfolio,\u201d the company warned<\/a> on X.<\/p>\n

Other affected protocols include Zapper, SushiSwap, Phantom, Balancer and Revoke.cash. Blockchain security firm CertiK told Cointelegraph that any DApp importing the ledger CDN will automatically execute the drainer code, prompting victims to connect via any wallet they support.<\/p>\n

Ledger is a popular hardware wallet used by many in the crypto community. Its connector library is a critical component that interfaces between the Ledger hardware and various DApps. This library could affect many EVM users and transactions if compromised.<\/p>\n

The attack was initiated after a former Ledger employee was phished and their NPMJS account was compromised. \u201cThe attacker published a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7). The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet,\u201d the company wrote on X.<\/p>\n

A fix was released nearly 40 minutes after Ledger discovered the issue. The company is warning users to wait 24 hours before using its Ledger Connect Kit again.<\/p>\n

\n

FINAL TIMELINE AND UPDATE TO CUSTOMERS:<\/p>\n

4:49pm CET:<\/p>\n

Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.<\/p>\n

The investigation continues, here is the timeline of what we know about\u2026<\/p>\n

\u2014 Ledger (@Ledger) December 14, 2023<\/a><\/p><\/blockquote>\n

Blockchain analytics platform Lookonchain claimed the hacker had stolen assets worth nearly $484,000,\u00a0but the impact of the security breach could be bigger, noted Ledger.<\/p>\n

\u00a0Magazine:<\/em><\/strong> 2 years after John McAfee\u2019s death, widow Janice is broke and needs answers<\/em><\/strong><\/p>\n<\/div>\n