Ledger Addresses Security Breach: Confirms Isolated Incident

The wallet company confirmed that this week’s exploit was an unfortunate isolated incident, after which Ledger launched Connect Kit version 1.1.8 on December 14th, deactivating malicious code in Ledger and WalletConnect. Users are now protected, but as an extra precaution, it is recommended to wait for 24 hours and clear the browser cache.

Ledger’s Chairman and CEO, Pascal Gauthier, disclosed that the security breach occurred when a former staff member fell prey to a phishing attack.

  • This enabled a malicious actor to upload a harmful file to Ledger’s NPMJS, a JavaScript code package manager shared across applications.
  • Collaborating with partner WalletConnect, Ledger swiftly responded to the incident, managing to eliminate and deactivate the malicious code on NPMJS within 40 minutes of its discovery.
  • In an update, Gauthier revealed that the standard practice at the Paris-based crypto hardware wallet platform is that no single person can deploy code without review by multiple parties. He said the company has strong access controls, internal reviews, and code multi-signatures for most parts of its development.
  • Furthermore, when an employee departs from the company, their access to all Ledger systems is promptly revoked.

“This was an unfortunate isolated incident. It is a reminder that security is not static, and Ledger must continuously improve our security systems and processes. In this area, Ledger will implement stronger security controls, connecting our build pipeline that implements strict software supply chain security to the NPM distribution channel.”

  • Ledger said that it is actively cooperating with authorities and assured that it will continue to assist in the ongoing investigation.
  • The platform said that it will continue to work with affected users, collaborate to identify the responsible party, ensure legal consequences, trace the funds, and cooperate with law enforcement to facilitate the recovery of stolen assets from the hacker.