Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
Home»EXCHANGE NEWS»Security Warning: Avoid using dApps due to Ledger Connectkit hack
EXCHANGE NEWS

Security Warning: Avoid using dApps due to Ledger Connectkit hack

By Crypto FlexsDecember 14, 20234 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Security Warning: Avoid using dApps due to Ledger Connectkit hack
Share
Facebook Twitter LinkedIn Pinterest Email

Malicious code injected into Ledger’s ConnectKit library compromised a number of decentralized finance (DeFi) applications this morning. This vulnerability allowed a wallet exfiltration exploit that links a user’s wallet when they visit an affected dapp, providing access to steal funds.


key point

  • Malicious code was injected into Ledger’s ConnectKit library, allowing a “wallet drainer” to steal funds from user accounts when connecting to a decentralized app (dapp).
  • The attack affected several dapps, including SushiSwap, Zapper, Balancer, and Revoke.cash. Users were prompted to link their wallets, which gave them access to the outflow.
  • Ledger acknowledged the issue and removed the malware, but said projects using the affected libraries should update to remain secure.
  • The vulnerability may still result in funds being depleted, so users should avoid interacting with any dapps that use Ledger’s connector kit until further notice.
  • The total amount of funds leaked so far is estimated to be in the hundreds of thousands of dollars, but the full impact is still being assessed.

The issue was first reported publicly by the developer on Twitter, warning users to avoid interacting with the dapp. Ledger soon confirmed that its ConnectKit library had been compromised and was pushing an update to replace the malware. However, Ledger warned users not to use any dapps in the meantime.

A number of popular DeFi platforms were affected, including major decentralized exchange SushiSwap. After becoming aware of the attack, SushiSwap took its front end offline, warning users that there was a serious issue with their Ledger connector. Other affected dapps include Zapper, Balancer, and Revoke.cash.

????????????? Red warning ????????????:

Please do not interact with any dApps until further notice. It appears that a commonly used web3 connector may have been compromised, allowing malicious code to be injected affecting a large number of dApps.

— I’m a software ??????? (@MatthewLilley) December 14, 2023

The malware exploited Ledger’s connector kit, which connects hardware wallets to decentralized apps to enable transaction signing. The code inserted a wallet address associated with the attacker, allowing funds to be drained from the user’s account when the browser wallet MetaMask approved the message.

Although the Ledger hardware wallet and the Ledger Live app itself were not compromised, malicious JavaScript injected into the ConnectKit library left Web3 users vulnerable when approving transactions on the dapp.

At least $150,000 has already been stolen, according to cybersecurity firm BlockAid, which first identified the wallet drainer payload. However, numerous dapps were compromised before Ledger removed the malware, so the full damage is still being assessed.

???? We have detected a potential supply chain attack against the Ledgerconnect kit ???
Attackers injected a wallet-draining payload into a popular NPM package.
This currently affects several popular dapps, including but not limited to https://t.co/2QJmKIGv9T.

— Block Aid (@blockaid_) December 14, 2023

Ledger accepted responsibility for the vulnerability, with the company’s CTO citing a “horrible series of mistakes” that could have compromised its content delivery network. This enabled JavaScript attacks when users interacted with dapps that relied on Ledger ConnectKit.

????We have identified and removed a malicious version of the Ledger Connect Kit. ????

A genuine version is currently being promoted to replace the malicious file. Do not interact with any dApps at this time. We will keep you posted as the situation develops.

With your Ledger device…

— Ledger (@Ledger) December 14, 2023

Even after Ledger patches the exploit, DeFi platforms using the affected libraries will need to update their wallet integrations before they can safely reconnect. With users warned to avoid decentralized apps for the time being, developers are scrambling to apply fixes to avoid further theft.

The cyberattack highlights the risks associated with connecting hardware wallets to DeFi platforms and serves as a reminder to exercise caution before approving a transaction. If users refrain from interacting with the dapp, their funds are likely not at risk, but the potential implications are still unfolding.

Hundreds of thousands have already been confirmed stolen. However, the full toll of this coordinated cyberattack on Web3 infrastructure is still unknown as many sites assess whether they unknowingly integrated compromised Ledger libraries, putting user funds at risk.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

AI Agents and Ethereum Protocol Security: What’s Changed

July 12, 2026

CASHCAT Trader converted $316 into $2.1 million on Robinhood Chain.

July 9, 2026

How to Hedge a Cryto Portfolio: A Beginner’s Guide (2026)

July 6, 2026
Add A Comment

Comments are closed.

Recent Posts

As AI platforms move away from unlimited, Sogni AI is launching a $20 fair use unlimited plan on community GPUs.

July 14, 2026

EthSystems Launches To Build Privacy Solutions For Institutions On Ethereum

July 14, 2026

MEXC Reports 7.1 Billion USDT In SpaceX Futures Volume As Q2 Closes The Gap To Wall Street

July 14, 2026

MEXC Reports 142% Volume Surge For MU Futures Following Record Micron Earnings Beat

July 14, 2026

OpenSea adds Good Vibes Club NFT to NFT Reserve

July 13, 2026

Bitmine Immersion Technologies (BMNR) Announces ETH Holdings Reach 5.77 Million Tokens, And Total Crypto And Total Cash Holdings Of $11.3 Billion

July 13, 2026

BYDFi Participates In Peru Blockchain Conference 2026, Engaging The LATAM Web3 Community

July 13, 2026

Byreal Marks First Anniversary With Strong Growth, RWA Leadership, And AI-Native Innovation On Solana

July 13, 2026

Aurra Markets Strengthens MENA Presence Following Money Expo Abu Dhabi 2026

July 13, 2026

MEXC Expands Ondo Tokenized Stock Lineup With SK Hynix And Four Other Trading Pairs

July 13, 2026

Ethereum Futures Break Records: Are Traders Seeing Bottom?

July 13, 2026

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

As AI platforms move away from unlimited, Sogni AI is launching a $20 fair use unlimited plan on community GPUs.

July 14, 2026

EthSystems Launches To Build Privacy Solutions For Institutions On Ethereum

July 14, 2026

MEXC Reports 7.1 Billion USDT In SpaceX Futures Volume As Q2 Closes The Gap To Wall Street

July 14, 2026
Most Popular

The white paper that created the cryptocurrency ZK-proofs wins the IEEE ‘Test of Time’ award

May 20, 2024

Legal battle in Korea: Extradition of provincial representative to jurisdiction | Latest Update – SEO Optimization – The Defi Info

March 7, 2024

Unlocking the Power of NFTs in Bitcoin: Exploring Digital Art on the Blockchain Using Ordinal Numbers – The Defi Info

February 29, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2026 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.