Ledger's Software Bug Enables $600K Crypto Theft Via Popular Wallets
-
Ledger's "Ledger dApp Connect Kit" library was compromised, allowing a wallet-draining script to be injected and steal $600K in crypto.
-
The malicious script targeted Coinbase, Trust Wallet, MetaMask and automatically transferred funds out.
-
Versions 1.1.5 through 1.1.7 of the Connect Kit were affected over a 5 hour period before Ledger deployed a fix.
-
Ledger has advised users to avoid interacting with any dApps until confirmed they are using the latest safe Connect Kit version.
-
The hardware wallets themselves were not compromised, just the dApp connection library, but users should remain vigilant of phishing attempts.