According to the team behind Linea, a zero-knowledge rollup from Consensys, an attack on the Ledger connector library could impact the entire Ethereum Virtual Machine (EVM) ecosystem.
Hackers targeted the Ledger connector library, which is designed to enable communication between Ledger hardware wallets and various decentralized applications (DApps). Wallet provider MetaMask was also affected by the security incident. According to a post on X (Twitter), MetaMask has deployed an update to address issues on its MetaMask Portfolio. "Before executing any trades on the MetaMask Portfolio, please ensure you have the Blockaid feature turned on in the MetaMask Extension," the company warned on X.
Other affected protocols include Zapper, SushiSwap, Phantom, Balancer and Revoke.cash. Blockchain security firm CertiK said that any DApp that imports Ledger's CDN will automatically execute drainer code, prompting victims to connect through any wallet they support.
Ledger is a popular hardware wallet used by many in the crypto community. Its connector library is a key component for connecting Ledger hardware and various DApps. If compromised, this library could impact many EVM users and transactions. The attack came after a former Ledger employee was phished and had their NPMJS account stolen. "An attacker has released a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7). The malicious code uses the rogue WalletConnect project to reroute funds to hacked wallets," the company wrote on X.
Ledger released a fix nearly 40 minutes after discovering the issue. The company warned users to wait 24 hours before using its Ledger Connect Kit. Blockchain analytics platform Lookonchain claimed hackers stole nearly $484,000 worth of assets, but the impact of the security breach could be much greater, Ledger noted.
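
A defensive check for the situation described above, as an added example that is not from the article or from Ledger: it scans an npm lockfile for the three affected versions and flags script tags that load the kit from a CDN without an exact version pin or a Subresource Integrity hash. The package name `@ledgerhq/connect-kit`, the host `cdn.example`, version `9.9.9` and both sample inputs are assumptions constructed for illustration.

```javascript
// Added example; inputs below are constructed, not taken from the incident.
const PKG = "@ledgerhq/connect-kit"; // assumed npm name of the Ledger Connect Kit
const AFFECTED = new Set(["1.1.5", "1.1.6", "1.1.7"]); // versions named in Ledger's statement

// Return every install of an affected version recorded in an npm v2/v3 lockfile.
function findAffectedInLockfile(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => path.endsWith("node_modules/" + PKG) && AFFECTED.has(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Classify each <script> tag that loads the kit from a CDN.
function auditScriptTags(html) {
  const findings = [];
  const tagRe = /<script\b[^>]*\bsrc=["']([^"']+)["'][^>]*>/gi;
  for (const [tag, src] of html.matchAll(tagRe)) {
    if (!src.includes(PKG)) continue;
    const version = (src.split(PKG + "@")[1] || "").split("/")[0];
    const exact = /^\d+\.\d+\.\d+$/.test(version);
    const hasSri = /\bintegrity=["']sha(256|384|512)-/i.test(tag);
    let status = "ok";
    if (exact && AFFECTED.has(version)) status = "affected-version";
    else if (!exact) status = "floating-version"; // CDN picks the release at load time
    else if (!hasSri) status = "pinned-no-sri"; // served content could change unnoticed
    findings.push({ src, status });
  }
  return findings;
}

// Constructed sample inputs.
const SAMPLE_LOCK = { packages: {
  "node_modules/@ledgerhq/connect-kit": { version: "1.1.6" },
  "node_modules/dapp-ui/node_modules/@ledgerhq/connect-kit": { version: "9.9.9" },
} };
const SAMPLE_HTML = `
<script src="https://cdn.example/npm/@ledgerhq/connect-kit@1"></script>
<script src="https://cdn.example/npm/@ledgerhq/connect-kit@1.1.7/dist/index.js"></script>
<script src="https://cdn.example/npm/@ledgerhq/connect-kit@9.9.9/dist/index.js"></script>
<script src="https://cdn.example/npm/@ledgerhq/connect-kit@9.9.9/dist/index.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>`;

console.log(findAffectedInLockfile(SAMPLE_LOCK));
console.log(auditScriptTags(SAMPLE_HTML));
```

A lockfile scan alone misses the floating-version case, because a script tag resolved by the CDN at load time never appears in the project's dependency tree.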