📗 Date: 14 Dec, 2023
Source: egamers.io
Ledger, a key player in the cryptocurrency hardware wallet industry, has successfully patched a critical security flaw in its connector library. This vulnerability had impacted several decentralized applications (DApps), including notable names like SushiSwap and Revoke.cash.
Rapid Detection and Action
The security issue was first detected when multiple DApps using Ledger’s connector experienced unauthorized access. Upon discovery, Ledger acted promptly, replacing the compromised file version with its authentic counterpart by 1:35 pm UTC on the same day. This prompt response averted potential widespread asset drain from users’ accounts.
Advisory for Users
In the wake of this incident, Ledger has advised its users to exercise caution, particularly when executing transactions. The company emphasized the importance of verifying transaction details on the Ledger device screen, as discrepancies between this and the computer or phone screen could indicate fraudulent activity. Users were urged to halt any transaction immediately if any such inconsistency was observed.
Industry Response and Precautions
The incident garnered immediate attention from industry experts and DApp operators. SushiSwap’s Chief Technical Officer, Matthew Lilley, was among the first to raise the alarm, highlighting the widespread nature of the breach. Following this, Ledger’s response was critical in mitigating further damage.
Ensuring Future Safety
Ledger’s swift action to address the vulnerability showcases the company’s commitment to security. The incident serves as a reminder of the constant vigilance required in the digital asset space to protect against evolving cybersecurity threats.
While the exploit has been patched, the fix may take some time to become fully effective because of how CDNs work. We suggest NOT USING ANY DAPP for at least 24 hours.
🚨 Here’s the list of the known affected parties:
github.com/wevm/wagmi
github.com/family/connectkit
github.com/scaffold-eth/scaffold-eth-2
github.com/RevokeCash/revoke.cash
github.com/blocknative/web3-onboard
github.com/liquity/dev
github.com/matter-labs/zksync-wallet-vue
github.com/bankisan/zkShield
github.com/zkemail/zk-email-verify
github.com/iron-wallet/iron
github.com/gmx-io/gmx-interface
github.com/reservoirprotocol/reservoir-kit
github.com/daimo-eth/daimo
github.com/AztecProtocol/aztec-packages
github.com/lifinance/widget
github.com/matter-labs/zksync-dapp-checkout
github.com/gnosis/zodiac-modifier-roles
github.com/scaffold-eth/Scaffold-ETH-DeFi-Challenges
github.com/cowprotocol/cowswap
github.com/canvasxyz/canvas
github.com/parity-asia/hackathon-2023-summer
github.com/ubiquity/ubiquity-dollar
github.com/TalismanSociety/talisman-web
github.com/BanklessDAO/bankless-website
github.com/TalismanSociety/talisman
github.com/zkemail/proof-of-twitter
github.com/Ifechukwudaniel/Oracles
github.com/noir-lang/noir-examples
github.com/voteagora/agora
github.com/coinbase/build-onchain-apps
github.com/Midas-Protocol/monorepo
github.com/austintgriffith/stupid-staking
github.com/MetaMask/metamask-sdk
github.com/threshold-network/token-dashboard
github.com/privacy-scaling-explorations/bandada
github.com/lidofinance/lido-ethereum-sdk
github.com/haqq-network/frontend
github.com/reservoirprotocol/seaport-oracle
github.com/ameensol/pools-ui
github.com/Web3Auth/web3auth-wagmi-connector
github.com/Orbiter-Finance/zkprover-dapp
github.com/xmtp/xmtp-web
github.com/etherspot/etherspot-react-transaction-buidler-demo-dapp
github.com/base-org/web
github.com/unlock-protocol/examples
github.com/saRvaGnyA/decertify
github.com/scaffold-eth/OP-RetroPGF3-Discovery-Voting
github.com/lukso-network/universalprofile-test-dapp
github.com/ScopeLift/token-shielder
github.com/givepraise/praise
github.com/0xRusso/fr3ela
github.com/BreadchainCoop/breadchain-crowdstaking
github.com/unstoppabledomains/uauth
github.com/hyperlane-xyz/hyperlane-warp-ui-template
github.com/mento-protocol/mento-web
github.com/harendra-shakya/blockchain-lottery
github.com/Koniverse/SubConnect
github.com/saqlain1020/dapp-react-typescript-boiler
github.com/carletex/notion-eip712
github.com/BuidlGuidl/event-wallet
github.com/scobru/nimbus2000-ui
github.com/yieldprotocol/cacti-frontend
github.com/BuidlGuidl/hacker-houses-streams
github.com/jaxernst/scp
github.com/bee-io/web3-connect
github.com/moodysalem/eth-batch-deposit
github.com/AztecProtocol/zk-money
github.com/BuidlGuidl/zupass-scaffold-eth-2
github.com/LedgerHQ/connect-kit
github.com/elmol/zk-proof-of-humanity
github.com/swing-xyz/examples
github.com/ahmetson/nft-bridge
github.com/RogerPodacter/gas-lovers-nft
github.com/kmjones1979/scaffold-eth-2-solidity
github.com/irfanbozkurt/flashbot-recovery-bundler
github.com/amy-jung/collectivedaoarchives.catalog
github.com/ERC-3643/ERC-3643-DApp
github.com/austintgriffith/impersonator-vision
github.com/scaffold-eth/SablierV2_starterKit
github.com/gnosis/mech
npm/web3-onboard/ledger
github.com/succinctlabs/telepathy-messenger-demo
github.com/Votes-Project/votes-web