The vulnerability Ledger has been patched, but affected several popular decentralized services, whose administrators were forced to disable the user interface
The widely used code of Ledger cryptocurrency wallet authorization service has been compromised. Company representatives released a statement saying that they managed to remove the malicious code, but the vulnerability was exploited for two hours and spread to most popular decentralized crypto services such as Curve, SushiSwap, Zapper or Revoke-cash.
When authorizing in decentralized financial applications (dApps) via LedgerConnect service from hardware crypto wallet maker Ledger, malicious code was executed in them. The vulnerability reportedly does not affect the software of the Ledger devices themselves.
Administrators of popular platforms have confirmed the vulnerability, disabled access to the online interface on their sites and urged users not to use any Web3 applications until the situation is clarified.
Curve service administrators urge not to use the LedgerConnect service for authorization
The LedgerConnect code library, which is used for authorization by many major crypto services, was compromised by a hacker, allowing him to inject a so-called drainer into the code – a malicious smart contract that allows him to deduct all funds from users’ wallet when they interact with it. At the time of publication, the amount of damage from the attack is unknown.
Latest news:
Bitwise predicted Bitcoin at $80k in 2024
Bernstein predicted a five-fold increase in the price of Bitcoin
Broker Robinhood will buy back its shares from Bankman-Fried for $605.7 million
