Ledger Connect Kit Exploited

Ledger had a major security incident after a former Ledger employee fell victim to a phishing attack. Bitcoin users unaffected.

Ledger Connect Kit Exploited
  • "December 14th, 2023, Ledger experienced an exploit on Ledger Connect Kit, a Javascript library to connect Web sites to wallets."
  • "The industry collaborated with Ledger to neutralize the exploit and try to freeze stolen funds very quickly – the exploit was effectively running for less than two hours."
"This exploit is currently being investigated, Ledger has filed complaints and will help affected individuals try to recover funds."
  • "This exploit did not and does not affect the integrity of Ledger hardware or Ledger Live," said Ledger CEO Pascal Gauthier.
  • "The exploit was limited to third party DApps which use the Ledger Connect Kit."

Full Disclosure / Archive