{"id":26723,"date":"2023-12-16T19:06:54","date_gmt":"2023-12-16T19:06:54","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/ledger-attack-shows-company-learned-nothing-after-multiple-breaches-ens-developer\/"},"modified":"2023-12-16T19:06:56","modified_gmt":"2023-12-16T19:06:56","slug":"ledger-attack-shows-company-learned-nothing-after-multiple-breaches-ens-developer","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/ledger-attack-shows-company-learned-nothing-after-multiple-breaches-ens-developer\/","title":{"rendered":"Ledger attack shows company \u2018learned nothing\u2019 after multiple breaches: ENS developer"},"content":{"rendered":"
<\/p>\n
Crypto community members have posted their responses to the Ledger Connect Kit exploit that affected multiple decentralized applications (DApps) across the Web3 space.<\/p>\n
On Dec. 14, a hacker attacked the front end of multiple DApps using Ledger\u2019s connector. The exploiter breached major apps such as SushiSwap, Phantom and Revoke.cash and stole at least $484,000 in digital assets.<\/p>\n
Ledger announced that it had fixed the problem three hours after the initial reports about the attack. The firm\u2019s CEO, Pascal Gauthier, said it was an isolated incident and noted that they are working with the relevant law enforcement agencies to find the hacker and \u201cbring them to justice.\u201d<\/p>\n
While Ledger claims it was an isolated event, Linea, a zero-knowledge rollup by Consensys, warned Web3 users that the vulnerability could affect the entire Ethereum Virtual Machine (EVM) ecosystem.<\/p>\n
A day after the incident, community members went on X (Twitter) to express their sentiments about the Ledger incident. Some advised followers to use other wallet platforms, while others called on Ledger to open-source everything.<\/p>\n
\nLedger’s security explained pic.twitter.com\/6hTeXYVWco<\/a><\/p>\n
\u2014 Crypto PM (@CryptoPM_) December 15, 2023<\/a><\/p><\/blockquote>\n
On Dec. 15, Bitcoin (BTC) supporter Brad Mills told his X followers to use Bitcoin-only hardware built by Bitcoin engineers focused on securing BTC. Mills urged<\/a> community members never to onboard their friends to BTC with hardware wallets Ledger or Trezor.<\/p>\n
In 2020, another Ledger incident led to the leaking of user information like mailing addresses, phone numbers and email addresses. Referring to previous Ledger breaches, Ethereum Name Service developer Nick Johnson said in a post that no one should recommend their hardware or use their libraries.<\/p>\n
\nOkay, so it’s clear @Ledger<\/a> has learned nothing about opsec from multiple breaches. At this point I don’t think anyone should in good conscience recommend their hardware or use their libraries.<\/p>\n
\u2014 nick.eth (@nicksdjohnson) December 15, 2023<\/a><\/p><\/blockquote>\n
According<\/a> to Johnson, Ledger showed a consistent disregard for operational security and no longer deserves the \u201cbenefit of the doubt that they\u2019ll improve.\u201d<\/p>\n
Related: <\/em><\/strong>Decentralized applications pause Ledger Connect as exploit fix deployed<\/em><\/strong><\/p>\n
Meanwhile, crypto trader and analyst Krillin criticized<\/a> Ledger and called them out for spending a day removing negative comments under their posts on X.<\/p>\n
During the hack on Dec. 14, the attacker utilized a phishing exploit to gain access to the computer of a former Ledger employee. The employee\u2019s node package manager JavaScript account was accessed, leading to the breach.<\/p>\n