In response to a significant security breach, Ledger, a prominent crypto wallet provider, has issued a critical software update, urging users to upgrade to version 1.1.8 as soon as possible for increased security.
The company has advised users to wait a day before using the wallet after upgrading to the latest version.
When a former Ledger employee fell victim to a phishing attack, they unwittingly granted unauthorized access to their account.
Initially reported to be a loss of around $150,000, recent updates from Bitcoin.com indicate that the impact may have increased to around $484,000.
Ledger has been quick to respond to the breach, working tirelessly to determine the scope of the attack and implement necessary security measures.
With critical assistance from WalletConnect and Tether, the company was able to resolve the situation in a commendable 40-minute timeframe. Furthermore, Tether took proactive measures to freeze the hacker’s wallet.
The security flaw didn’t just affect Ledger users; it also had an impact on several decentralized finance (DeFi) protocols.
Notable projects such as SushiSwap, Kyber, RevokeCash, and Zapper faced difficulties as a result of a “supply chain attack.”
This type of attack involves embedding malicious code within apps, which can have a negative impact on the broader ecosystem.
In response to the security incident, Kyber and RevokeCash immediately disabled their services in order to prevent further harm and thoroughly assess the situation.
The issue was traced back to LedgerHQ’s ConnectKit versions after 1.1.4. While some crypto projects claimed to be unaffected, the incident highlights the inherent risks and vulnerabilities in the crypto landscape.
It is a stark reminder of the importance of strong security practices, as well as the need for users and projects to remain vigilant in the face of evolving threats.