Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Ledger CEO Addresses Recent Hacking Incident, Calms Community

Ledger CEO Addresses Recent Hacking Incident, Calms Community

CryptodailyCryptodaily2023/12/15 09:37
By:Amara Khatri

Table of Contents

  • Gauthier Addresses Hack
  • An Example Of Collective Strength
  • Continuous Improvement In Security Needed
  • The Attack On Ledger

Ledger CEO Pascal Gauthier recently addressed the community about the recent hack that impacted Ledger and its systems. 

Gauthier’s message to the community brought significant relief to users and stakeholders following confirmation that the hack had been neutralized. 

Gauthier Addresses Hack 

The hack in question involved the injection of malicious code into Ledger’s Javascript library, targeting versions above version 11.4. In his message, Gauthier explained that the exploit in question resulted from a vulnerability that a bad actor took advantage of. The hacker gained access to the system through a phishing attack on a former employee. This allowed them to upload a malicious file to Ledger’s NPMJS, a package manager for Javascript code that is used across multiple applications. 

According to Gauthier, when Ledger discovered the hack, its team responded immediately to mitigate its impact. Ledger collaborated with WalletConnect to remove the compromised NPMJS and disable the malicious file. This action was undertaken within an hour of the exploit being identified and highlighted the team’s response and efficiency in dealing with a critical security breach. 

An Example Of Collective Strength 

Gauthier stressed that Ledger’s response to the hack demonstrated the company’s resolve and was an example of the collective strength within the industry. He highlighted the incident and the response to it as a testament to the ability of the DeFi community to address security challenges effectively. The incident, according to Gauthier, also highlighted the collaborative spirit that is crucial in maintaining integrity and trust in the DeFi ecosystem. 

Gauthier also assured users that Ledger’s internal processes prevent any single individual from having the authority to deploy codes on Ledger’s ConnectKit. A multi-party review system has also been implemented to ensure robust security. He also stated that Ledger revokes system access for employees leaving the organization as part of its standard security protocol. 

Continuous Improvement In Security Needed 

Gauthier also acknowledged that security in the decentralized finance ecosystem is not static and must be improved. He added that Ledger remains committed to implementing stronger security protocols, particularly by connecting their build pipeline. This implements strict software supply chain security to the NPM distribution channel. 

Ledger has also introduced a new version of their ConnectKit in response to the recent security breach. The new version, labeled version 1.1.8, directly results from the implications and lessons learned from Ledger’s hacking incident. It also highlights Ledger’s commitment to improving its security. The company has advised users to upgrade to the new version immediately as it introduces enhanced security measures designed to safeguard against similar vulnerabilities. 

Once users install the new version of the Ledger Connect Kit, there is a 24-hour waiting period before it becomes fully operational. Ledger has stated that the delay is necessary to ensure all new security protocols are implemented and functioning as intended. Users have been advised to plan their updates accordingly to minimize any potential disruption to their use of Ledger. 

The Attack On Ledger 

Ledger fell victim to a hack after hackers compromised the code behind a protocol utilized by several Web3 applications and services. Ledger announced on X (formerly Twitter) that hackers had released a malicious version of its Connect Kit. Ledger stated at the time that hackers had replaced the genuine version of its software, and the company was investigating the developments and would provide a comprehensive update. 

“The malicious version of the file was replaced with the genuine version at around 2:35 pm CET. The new genuine version should be propagated soon. We will provide a comprehensive report as soon as it’s ready. In the meantime, we’d like to remind the community to always Clear Sign your transactions - remember that the addresses and the information presented on your Ledger screen is the only genuine information.”

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

Flash Thursday: Buy crypto with a credit/debit card for zero fees

Every Thursday, enjoy zero fees when using your local fiat currency with a credit or debit card ( Visa, Mastercard, Google Pay Apple Pay)! Buy Crypto Promotion period: Every Thursday 8:00 PM – Friday 8:00 PM (UTC+8) Promotion rules Sign up for a Bitget account or log in to your existing account. Na

Bitget Announcement2024/11/28 04:10

Chill Guy (CHILLGUY): The Meme Coin That’s All About Taking It Easy

What is Chill Guy (CHILLGUY)? Chill Guy (CHILLGUY) is a meme coin on Solana that embodies the spirit of calmness and simplicity. The meme coin is inspired by a viral meme of a relaxed, low-key dog. It’s a meme that has taken the internet by storm, celebrating the art of not worrying. The character

Bitget Academy2024/11/28 03:47