Posted 12/14/2023, 1:47:57 PM
Ledger Users Warned Not to Connect to Dapps After Malicious Code Attack Drains Wallets
- Ledger warned users not to connect to dapps after a malicious version of the Ledger Connect Kit was identified that could drain wallets.
- The malicious code was injected into the Connect Kit's NPM package, affecting popular dapps like SushiSwap and Hey.xyz.
- Web3 developers recommended avoiding all dapps until teams confirm they've mitigated the attack.
- Even after Ledger fixes the code, projects using the library will need to update before it's safe to use related dapps.
- The attack comes amid recent criticism of Ledger's security after services like its "Recover" system and a fraudulent Ledger app drained user funds.