Ledger: Genuine and verified Ledger Connect Kit version 1.1.8 is now safe to use
Ledger has released the latest update on the vulnerability on the X platform, stating that the genuine and validated Ledger Connect Kit version 1.1.8 has now been spread and can be safely used. For builders who are developing Ledger Connect Kit code and interacting with it: the connect-kit development team on the NPM project is now read-only and cannot directly push NPM packages for security reasons.
In addition, malicious code uses the rogue WalletConnect project to reroute funds to hacker wallets. -Ledger's technical and security teams received alerts and deployed fixes within 40 minutes of Ledger's awareness. The survival time of this malicious file is about 5 hours, but the time window for funds to be depleted is less than two hours.
The team is filing complaints and working with law enforcement to investigate and find the attacker, and is studying the vulnerability to avoid further attacks.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Hydration launches decentralized lending platform on Polkadot
Shiba Inu Dev Responds to Shibarium’s Integration of Chainlink’s CCIP for Seamless Connectivity
AAVE breaks above $200
Vancouver mayor proposes Bitcoin adoption as reserve asset