Yello Paradisers! A potential cybersecurity threat has emerged, targeting users of Ledger hardware wallets. Users are advised to exercise extreme caution and avoid using crypto web apps until further investigations are concluded.
Malicious Code in Ledger’s ConnectKit
The issue centers around Ledger’s ConnectKit, a software library that facilitates the connection between blockchain apps and Ledger devices. Reports of malicious code within this library have raised significant security concerns.
Immediate Responses from Crypto Platforms
SushiSwap, a decentralized exchange, quickly responded by taking its front-end web app offline. The platform identified a critical issue where the ledger connector was compromised, potentially leading to the injection of malicious code affecting various decentralized apps (dApps). Users are warned against interacting with any unexpected ‘Connect Wallet’ pop-ups.
Revoke.cash, a service enabling users to revoke transaction signing permissions from Web3 apps, also shut down its front-end as a precautionary measure.
Advisory to Crypto Users
Users are strongly advised to avoid engaging with any crypto dApps for the time being. The situation remains under investigation, and there is a risk of front-end web apps displaying malicious transactions for signing. While funds cannot be directly stolen from Ledger devices without user action, confirming such transactions could lead to lost funds.
Safety First Approach
In light of these developments, experts recommend a cautious approach, suggesting that it’s best to abstain from using crypto web apps altogether until further notice. This precaution is crucial to safeguard funds and personal information.
🟢Be careful what Hard Wallets you choose Paradisers, we recommend only THIS ONE (https://www.safepal.com/en/store/s1?ref=mycryptoparadise) Backed by Binance.