{"id":197019,"date":"2023-12-15T17:38:56","date_gmt":"2023-12-15T17:38:56","guid":{"rendered":"https:\/\/tokenstalk.info\/?p=197019"},"modified":"2023-12-15T17:38:56","modified_gmt":"2023-12-15T17:38:56","slug":"ledger-attack-shows-company-learned-nothing-after-multiple-breaches-ens-developer","status":"publish","type":"post","link":"https:\/\/tokenstalk.info\/crypto\/ledger-attack-shows-company-learned-nothing-after-multiple-breaches-ens-developer\/","title":{"rendered":"Ledger attack shows company \u2018learned nothing\u2019 after multiple breaches: ENS developer"},"content":{"rendered":"
Crypto community members have posted their responses to the Ledger Connect Kit exploit that affected multiple decentralized applications (DApps) across the Web3 space.<\/p>\n
On Dec. 14, a hacker attacked the front end of multiple DApps using Ledger\u2019s connector. The exploiter breached major apps such as SushiSwap, Phantom and Revoke.cash and stole at least $484,000 in digital assets.<\/p>\n
Ledger announced that it had fixed the problem three hours after the initial reports about the attack. The firm\u2019s CEO, Pascal Gauthier, said it was an isolated incident and noted that they are working with the relevant law enforcement agencies to find the hacker and \u201cbring them to justice.\u201d<\/p>\n
While Ledger claims it was an isolated event, Linea, a zero-knowledge rollup by Consensys, warned Web3 users that the vulnerability could affect the entire Ethereum Virtual Machine (EVM) ecosystem.<\/p>\n
A day after the incident, community members went on X (Twitter) to express their sentiments about the Ledger incident. Some advised followers to use other wallet platforms, while others called on Ledger to open-source everything.<\/p>\n
On Dec. 15, Bitcoin (BTC) supporter Brad Mills told his X followers to use Bitcoin-only hardware built by Bitcoin engineers focused on securing BTC. Mills urged community members never to onboard their friends to BTC with Ledger or Trezor hardware wallets.<\/p>\n
In 2020, another Ledger incident led to the leaking of user information like mailing addresses, phone numbers and email addresses. Referring to previous Ledger breaches, Ethereum Name Service developer Nick Johnson said in a post that no one should recommend their hardware or use their libraries.<\/p>\n
According to Johnson, Ledger showed a consistent disregard for operational security and no longer deserves the \u201cbenefit of the doubt that they\u2019ll improve.\u201d<\/p>\n
Meanwhile, crypto trader and analyst Krillin criticized Ledger and called them out for spending a day removing negative comments under their posts on X.<\/p>\n
During the hack on Dec. 14, the attacker utilized a phishing exploit to gain access to the computer of a former Ledger employee. The employee\u2019s node package manager JavaScript account was accessed, leading to the breach.<\/p>\n
Following the hack, a community member advised Ledger to \u201copen-source everything\u201d and let the community be their \u201csurgeon\u201d to stitch them back together. The company announced on May 24 that it had open-sourced many of its applications and is committed to open-sourcing more of its code.<\/p>\n
According to community members, transparency is not a luxury but a lifeline. \u201cTrust, once lost, demands open veins, not veiled promises.\u201d<\/p>\n