Ledger eliminated exploit, company's CEO comments on situation

Ledger announced that it had completely removed the exploit and replaced the hacked library.

Ledger team noted that it had successfully replaced the hacked library with a fixed one. The malicious code has allegedly been deactivated, and the Ledger Connect Kit is now safe to use.

However, Ledger users doubted the words of the project team about the complete security of wallets. One of the subscribers drew attention to the fact that malicious code could remain in the cache. The company recommended waiting a while and clearing the cache in the browser.

Ledger CEO Pascal Gauthier noted that the reason for the hack lies in a targeted attack on one of the former employees.

“This exploit was the result of a former employee falling victim to a phishing attack, which allowed a bad actor to upload a malicious file to Ledger’s NPMJS (a package manager for Java code shared between apps).”

Pascal Gauthier, Ledger CEO

Gauthier said Ledger and the company’s partner WalletConnect worked together to update the software and fix the exploit within 40 minutes of its discovery. The company’s CEO called the incident an “unfortunate isolated incident.” He promised that the company would strengthen security measures.

On Dec. 14, 2023 hackers had attacked Ledger Connect. This is a software library that allows developers to connect decentralized applications (dApps) to Ledger wallets. By compromising Ledger Connect, hackers were able to inject malicious code into dApps that wallet owners can interact with.

One of the first to draw attention to problems with wallet security was crypto trader Jacob Canfield, who was popular in the crypto community. In his microblog, he shared a piece of code that scammers used to steal money from Ledger owners through Ledger Connect.

According to the Ledger team, the attack did not affect the Ledger Live application, through which wallet owners conduct transactions with assets. Physical wallets were also not affected.