Hundreds of Thousands Impacted as Hackers Drain $610K+ From Ledger Users Through Compromised Libraries
-
Multiple DApps using Ledger's connector library were compromised, including SushiSwap and Revoke.cash. Malicious code was injected to drain user funds.
-
The issue stemmed from Ledger's content delivery network being compromised. A wallet drainer was added to the Ledger connector library.
-
Over $610K were reportedly drained from users. The number of impacted funds is estimated in the hundreds of thousands.
-
Ledger has reportedly patched the vulnerability by replacing the malicious file with a genuine version.
-
Users are advised not to interact with any DApps using the Ledger connector library until further notice. Ledger devices themselves are reportedly not at risk if not transacting.