Key Takeaways
- According to Pascal Gauthier, the hack on Ledger’s JavaScript connector library was an isolated event, only affecting third-party dApps, not Ledger’s core hardware or platform;
- Ledger is determined to fortify security measures, including stricter software supply chain controls, to prevent future breaches;
- Initially estimated at $484,000, the hack’s impact grew to $504,000.
In response to the recent security breach, Ledger CEO Pascal Gauthier has issued a statement, reassuring the cryptocurrency community. Gauthier emphasized that the incident was an isolated event and outlined measures to bolster security moving forward.
The breach, which occurred on December 14th, involved Ledger’s JavaScript connector library. Gauthier revealed that the exploit was quickly detected and deactivated within just 40 minutes.
The exploit was limited to third-party decentralized applications (dApps); Ledger’s hardware and the Ledger Live app remained unaffected.
The root cause of the breach was attributed to a former employee falling victim to a phishing scam, leading to their identity being exploited in the hacked code. However, Gauthier highlighted Ledger’s commitment to security, stating:
“We have strong access controls, internal reviews, and code multi-signatures when it comes to most parts of our development. This is the case in 99% of our internal systems. Any employee who leaves the company has their access revoked from every Ledger system.”
Despite the breach, Gauthier characterized it as “an unfortunate isolated incident” and pledged to strengthen security controls. He detailed plans to connect Ledger’s build pipeline to the NPM distribution channel in order to enhance software supply chain security, demonstrating Ledger’s dedication to preventing future breaches.
Gauthier also cautioned that similar hacks could potentially target other platforms and reassured users that Ledger Connect Kit 1.1.8 remained secure. He extended gratitude to WalletConnect, Tether, Chainalysis, and ZachXBT for their assistance during this challenging period.
As noted on X (Twitter) by many users, the breach impacted various dApps, including Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, and potentially affected other programs similar to LedgerHQ/connect-kit. It is worth noting that any Ethereum Virtual Machine user who interacted with the affected dApps may have been affected by the breach.
Initially estimated at $484,000, the hack’s impact later increased to $504,000, according to Web3 security service Blockaid.
Ain is the Lead Crypto Researcher. Her vast experience with crypto and blockchain tech-related content allows her to identify the key pieces of information that should be presented to the learner, and ensure the validity of the gathered data.