Crypto users are now looking for different wallet options as Ledger is once again in the hot seat due to a security breach in their software libraries.
It is specific to Ledger’s Connect Kit and decentralized applications (dApps). So, if you are not using any dApps, you are fine. If you are, please do not use them for the next week or so.
Ledger said the main issue has been resolved, but you never know — there could be additional exploits and problems in the next few days.
Ledger’s Quick Response
The good news, though, is that Ledger did a good job of updating the timeline, being transparent, and highlighting what was happening in real time.
Even their CEO, Pascal Gauthier, stepped up and said, “My personal commitment: Ledger will dedicate as much internal and external resources as possible to help the affected individuals recover their assets.”
Exploit Causes Confusion, Panic, And Anger In Crypto Community
Here’s the TLDR of what happened and let’s highlight the problem that angered the crypto community.
A former Ledger employee got phished and his credentials were used to change a single file in a JavaScript package that many dApps share and use. These included big names like Sushi and Zapper. Ledger noted that no hardware devices were compromised, and this file was entirely used by dApps that wanted compatibility with the Ledger wallet.
Within two hours, the community had identified the exploit and reverted the file to its safe version. By then, nearly half a million dollars had been drained from victims’ wallets. The Tether Foundation has frozen the funds of the hacker involved.
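One way a dApp team could catch a single changed file in a shared JavaScript package is to pin every file of a reviewed release by hash and refuse any release that differs. The sketch below is an added example, not code from Ledger or from the original article; the function names, file names and file contents are hypothetical and constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

// SRI-style digest ("sha384-<base64>") of one file's contents.
function sriDigest(contents) {
  return 'sha384-' + createHash('sha384').update(contents).digest('base64');
}

// Build a manifest { path: digest } from a release that has been reviewed.
function buildManifest(files) {
  const manifest = Object.create(null); // no inherited keys to confuse lookups
  for (const [path, contents] of Object.entries(files)) {
    manifest[path] = sriDigest(contents);
  }
  return manifest;
}

// Compare a candidate release against the pinned manifest and report
// which files were modified, added, or are missing.
function verifyRelease(manifest, files) {
  const report = { modified: [], added: [], missing: [] };
  for (const [path, contents] of Object.entries(files)) {
    if (!(path in manifest)) report.added.push(path);
    else if (manifest[path] !== sriDigest(contents)) report.modified.push(path);
  }
  for (const path of Object.keys(manifest)) {
    if (!Object.hasOwn(files, path)) report.missing.push(path);
  }
  report.ok = report.modified.length + report.added.length + report.missing.length === 0;
  return report;
}

// Constructed sample data: a reviewed release, and a later release in
// which exactly one file was changed after review.
const reviewed = {
  'index.js': 'export { connect } from "./loader.js";\n',
  'loader.js': 'export function connect() { return "wallet-ui"; }\n',
};
const later = { ...reviewed, 'loader.js': reviewed['loader.js'] + '/* changed after review */\n' };

const pinned = buildManifest(reviewed);
console.log(verifyRelease(pinned, reviewed));
console.log(verifyRelease(pinned, later));
```

A check like this only helps if the application loads a pinned version rather than whatever the package registry or CDN currently serves as the latest release.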
The community now questions how Ledger, a security hardware firm protecting people’s assets, did not revoke the access of a former employee. That is like Business 101.
In practice, if someone is working with different companies and leaves the job or gets laid off, the company is supposed to cut off that former employee’s access.
Ledger is supposed to have the highest of the highest standards when it comes to security, because they are working on protecting people’s funds. Yet, they have again disappointed their customers.
Final Thoughts
I know that many crypto companies and any new technology companies are going to have bugs. They are going to face a lot of hackers and bad actors trying to take them down. But the things that Ledger did really pissed off the crypto community.
With the problem still fresh in people’s minds, this is what’s going to drive them to centralized exchanges and even qualified custodians.
With qualified custodians, however, that is not necessarily an issue because they have insurance and so forth. But it’s stuff like this that’s going to drive people to centralized exchanges. And we can’t have this and try to bring the next billion people into crypto.