Ledger breach indicates the firm has not improved security measures following previous incidents, according to ENS developer.

Members of the crypto community have shared their reactions to the Ledger Connect Kit exploit that impacted several decentralized applications (DApps) within the ecosystem.

On December 14, a hacker targeted the front end of various DApps utilizing Ledger’s connector. The attacker compromised significant applications such as SushiSwap, Phantom, and Revoke.cash, resulting in the theft of at least $484,000 in digital assets.

Ledger reported that they resolved the issue three hours after the first alerts regarding the attack. The company’s CEO, Pascal Gauthier, characterized it as a singular incident and mentioned that they are collaborating with appropriate law enforcement agencies to locate the hacker and “bring them to justice.”

Although Ledger asserts it was a unique occurrence, Linea, a zero-knowledge rollup developed by Consensys, cautioned Web3 users that the vulnerability might impact the entire Ethereum Virtual Machine (EVM) ecosystem.

The day following the incident, community members took to X (formerly Twitter) to share their thoughts on the Ledger situation. Some recommended alternative wallet platforms, while others urged Ledger to make their code open-source.

On December 15, Bitcoin (BTC) advocate Brad Mills advised his X followers to utilize Bitcoin-only hardware created by Bitcoin engineers dedicated to securing BTC. Mills encouraged community members to refrain from introducing their friends to BTC using hardware wallets from Ledger or Trezor.

In 2020, another incident involving Ledger resulted in the exposure of user data, including mailing addresses, phone numbers, and email addresses. Referencing past Ledger breaches, Ethereum Name Service developer Nick Johnson stated in a post that no one should endorse their hardware or utilize their libraries.

Johnson expressed that Ledger has consistently shown a lack of regard for operational security and no longer merits the “benefit of the doubt that they’ll improve.”

In the meantime, crypto trader and analyst Krillin criticized Ledger, accusing them of spending a day deleting negative comments from their posts on X.

During the breach on December 14, the attacker employed a phishing exploit to access the computer of a former Ledger employee. The employee’s Node Package Manager (npm) JavaScript account was compromised, resulting in the breach.

After the hack, a community member suggested that Ledger should “open-source everything” and allow the community to act as their “surgeon” to help them recover. The company announced on May 24 that they have open-sourced many of their applications and are committed to further open-sourcing additional code.

Community members emphasized that transparency is essential, stating, “Trust, once lost, demands open veins, not veiled promises.”
