Although hardware wallet company Ledger has fixed the attack on its library, DeFi users need to be careful for a while.
Ledger, “We detected a malicious version of Ledger Connect Kit and removed it.” and “the time period in which the money was stolen, “It was less than two hours.” explained.
In total during this time period Cryptocurrency worth $484,000 it was stolen.
Decentralized finance (DeFi) protocols use the Ledger ConnectKit library developed by Ledger to connect to hardware wallets. Protocols using the Connect Kit were affected by the attack. all affect the front is considered.
According to Ido Ben-Natan, CEO of blockchain security firm BlockAid, even if Ledger has updated the library “Many sites are still affected and users are being attacked.”
To completely eliminate the risk of attack, each protocol that uses Connect Kit must manually switch to the current version of the library.
One of the most popular Web3 wallets MetaMask, “Ledger has actively resolved the issue, but for now users are advised to wait 24 hours before using dApps that use the Ledger Connect Kit.” made the statement.