Tuesday, 27 February 2024

Crypto News

Ledger attack shows company ‘learned nothing’ after multiple breaches: ENS developer

Ledger attack shows company ‘learned nothing’ after multiple breaches: ENS developer

Crypto community members have posted their responses to the Ledger Connect Kit exploit that affected multiple decentralized applications (DApps) across the Web3 space.

On Dec. 14, a hacker attacked the front end of multiple DApps using Ledger’s connector. The exploiter breached major apps such as SushiSwap, Phantom and Revoke.cash and stole at least $484,000 in digital assets.

Ledger announced that it had fixed the problem three hours after the initial reports about the attack. The firm’s CEO, Pascal Gauthier, said it was an isolated incident and noted that they are working with the relevant law enforcement agencies to find the hacker and “bring them to justice.”

While Ledger claims it was an isolated event, Linea, a zero-knowledge rollup by Consensys, warned Web3 users that the vulnerability could affect the entire Ethereum Virtual Machine (EVM) ecosystem.

A day after the incident, community members went on X (Twitter) to express their sentiments about the Ledger incident. Some advised followers to use other wallet platforms, while others called on Ledger to open-source everything.

On Dec. 15, Bitcoin (BTC) supporter Brad Mills told his X followers to use Bitcoin-only hardware built by Bitcoin engineers focused on securing BTC. Mills urged community members never to onboard their friends to BTC with hardware wallets Ledger or Trezor.

In 2020, another Ledger incident led to the leaking of user information like mailing addresses, phone numbers and email addresses. Referring to previous Ledger breaches, Ethereum Name Service developer Nick Johnson said in a post that no one should recommend their hardware or use their libraries.

According to Johnson, Ledger showed a consistent disregard for operational security and no longer deserves the “benefit of the doubt that they’ll improve.”

Related: Decentralized applications pause Ledger Connect as exploit fix deployed

Meanwhile, crypto trader and analyst Krillin criticized Ledger and called them out for spending a day removing negative comments under their posts on X.

During the hack on Dec. 14, the attacker utilized a phishing exploit to gain access to the computer of…

Click Here to Read the Full Original Article at Cointelegraph.com News…