The Deets
- Malicious file identified and removed
- Replacement with a genuine version underway
- No compromise to Ledger devices and Ledger Live
- Emphasis on using Clear Sign to verify transactions
The Bulk
Ledger identified and removed a malicious version of the Ledger Connect Kit. This proactive measure was taken to protect users from potential security threats after a compromised version was discovered. The company is currently in the process of replacing the compromised file with a genuine version, ensuring the integrity of the product and user safety.
The issue was first detected and dealt with promptly, with the malicious file being replaced at approximately 8:35 a.m. ET. Ledger has reassured its customers that their Ledger devices and the Ledger Live app were not compromised during this incident. The company is working on propagating the new genuine version and plans to provide a comprehensive report once it's ready.
In light of this incident, Ledger has taken the opportunity to remind its users of the importance of security practices, particularly the use of Clear Sign. This feature allows users to verify transaction addresses and information directly on their Ledger device, providing an additional layer of security. Ledger emphasizes that if there is a discrepancy between the information shown on the Ledger device and the computer or phone screen, users should immediately halt the transaction.
🎤 Community Quotes
A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.Ledger
📊 By the Numbers
As of one hour ago, ZachXBT reported the wallets associated had drained more than $600,000 from unsuspecting users.
🔜 What's Next?
Ledger will release a comprehensive report detailing the incident and measures taken. Users are encouraged to stay updated through Ledger’s official channels.
For more web3 and NFT news,
visit the Lucky Trader newsfeed.
