Table of Contents
Toggle
Ledger Module Hijacked
Ledger: Remove Malicious Version, Do Not Interact with Any DApps Temporarily
MetaMask: Release Fix Program
Ledger Module Hijacked
On the evening of the 14th, Yu Xian, the founder of cybersecurity firm SlowMist, tweeted that the Ledger module had been hijacked and tampered with in the supply chain. Many DApps rely on the affected Ledger Connect Kit, and the extent of the impact is still unclear. Users should be more cautious when executing DApp operations.
Front-ends of various DApps, including Balancer, Zapper, and Sushi, are all affected. Permission query tool Revoke.cash has also temporarily shut down its website.
Ledger: Remove Malicious Version, Do Not Interact with Any DApps Temporarily
In a subsequent tweet, Ledger stated that they have identified and removed the malicious version of the Ledger Connect Kit. They advised users not to interact with any DApps temporarily and emphasized that Ledger hardware devices and Ledger Live are not affected. A comprehensive incident report will be provided later.
MetaMask: Release Fix Program
In response to this incident, MetaMask recommends users to download and enable the Blockaid extension software. The MetaMask Portfolio team has developed a fix program that will be released later.
Yu Xian mentioned that the response and repair from all parties have been faster than expected, and the crisis should have subsided. However, he also mentioned that it is best to refrain from any operations and wait patiently for the repairs from all parties.
Ledger
Ledger Connect Kit
Related Readings
Ledger Releases Updated Version, Vulnerability Due to Phishing of Former Employee, Tether Freezes Hacker’s Address
Ledger Re-launches “Wallet Recovery” Service, Internet Commentaries: Assets Could be Confiscated by Governments.