Cryptocurrency community members have posted responses to the Ledger Connect Kit exploit that has affected several decentralized applications (DApps) across the Web3 space.
On December 14, hackers used Ledger’s connector to attack the front ends of several DApps. Attackers compromised major apps such as SushiSwap, Phantom, and Revoke.cash and stole at least $484,000 in digital assets.
Ledger announced that it had resolved the issue three hours after the initial report of the attack. Pascal Gauthier, the company’s CEO, said this was an isolated incident and that the company was working with relevant law enforcement agencies to find the hackers and bring them to justice.
While Ledger claims this is an isolated incident, Consensys’ zero-knowledge rollup Linea has warned Web3 users that the vulnerability could impact the entire Ethereum Virtual Machine (EVM) ecosystem.
A day after the incident occurred, community members took to X (Twitter) to express their feelings about the Ledger incident. While some advised their followers to use other wallet platforms, others called on Ledger to open source everything.
Ledger’s Security Description pic.twitter.com/6hTeXYVWco
— Crypto PM (@CryptoPM_) December 15, 2023
On December 15, Bitcoin (BTC) advocate Brad Mills told X followers to use Bitcoin-specific hardware built by Bitcoin engineers focused on BTC security. Mills urged community members not to register their friends for BTC using Ledger or Trezor hardware wallets.
In 2020, another Ledger incident exposed user information such as postal addresses, phone numbers, and email addresses. Referring to previous Ledger breaches, Ethereum Name Service developer Nick Johnson said in a post that no one should recommend the company's hardware or use its libraries.
Okay, then it’s clear. @ledger Due to multiple violations, we haven’t learned anything about opsec. At this point I don’t think anyone should recommend their own hardware or use a library.
— nick.eth (@nicksdjohnson) December 15, 2023
According to Johnson, Ledger has consistently ignored operational security and no longer deserves “the benefit of the doubt that it will improve.”
Meanwhile, cryptocurrency trader and analyst Krillin criticized Ledger, calling the company out for spending a day deleting negative comments under its post on X.
During the December 14 hack, attackers used a phishing exploit to gain access to the computers of former Ledger employees. The breach occurred through access to an employee’s Node Package Manager JavaScript (NPMJS) account.
After the hack, community members advised Ledger to make “everything open source” and let the community be the “surgeon” who puts it back together. The company announced on May 24 that it had open-sourced many of its applications and was working to open-source more code.
According to community members, transparency is not a luxury, but a lifeline. “Trust demands open veins, not veiled promises once lost.”