More decentralized applications (DApps) have temporarily disabled their front-end user interface for Ledger Connect amid an exploit on Dec. 14.<\/p>\n
Developers of the nonfungible token (NFT) platform OpenSea said on Dec. 14 that users should \u201cnot connect to any dApps using Ledger Connect until further notice.\u201d<\/p>\n
Meanwhile, the decentralized finance (DeFi) protocol Lido Finance stated its \u201cfront-ends have been switched off as a precautionary measure whilst the Ledger connect issue is being investigated.\u201d<\/p>\n
Earlier in the day, the front ends of Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were compromised as part of the Ledger Connect exploit. Ledger has since stated that the exploit has been patched, with the issue stemming from a \u201cmalicious version of the Ledger Connect Kit.\u201d<\/p>\n
Preliminary reports claim that the attack has drained at least $484,000 in digital assets. Tether, the issuer of the Tether (USDT) stablecoin, has since frozen the exploiter\u2019s address. According to Ledger developers, a \u201cgenuine version\u201d of the Ledger Connect Kit is \u201cbeing propagated now automatically.\u201d That said, users are recommended to wait 24 hours before using the kit again.<\/p>\n
The exploit has been attributed to a phishing attack on a former Ledger employee, allowing hackers to access sensitive information. \u201cWe are filing a complaint and working with law enforcement on the investigation to find the attacker,\u201d developers wrote. An estimated two hours lapsed between the draining of funds and when a fix was deployed.<\/p>\n