Members of the crypto community have posted their reactions to the Ledger Connect Kit exploit, which has affected several decentralized applications (dApps) in the Web3 sector.
On December 14, a hacker attacked the front end of multiple DApps using Ledger’s connector. Exploiters breached major apps like SushiSwap, Fantom and Revoke.cash and stole at least $484,000 in digital assets.
Ledger announced that it had fixed the problem three hours after the initial report about the attack. Company CEO Pascal Gauthier said it was an isolated incident and noted that the company is working with relevant law enforcement agencies to find the hacker and “bring them to justice.”
While Ledger claims this was an isolated incident, Linea, a zero-knowledge rollup by ConsenSys, warned Web3 users that this vulnerability could affect the entire Ethereum Virtual Machine (EVM) ecosystem.
A day after the incident, community members took to X (Twitter) to express their feelings about the Ledger incident. Some advised followers to use other wallet platforms, while others called for Ledger to open-source everything.
Explained about Ledger safety pic.twitter.com/6hTeXYVWco
– Crypto PM (@CryptoPM_) 15 December 2023
On December 15, Bitcoin (BTC) supporter Brad Mills told his X followers to use Bitcoin-only hardware built by Bitcoin engineers that focuses on securing BTC. Mills strongly urged community members never to allow their friends to mine BTC with hardware wallets Ledger or Trezor.
In 2020, another Ledger incident leaked user information such as postal addresses, phone numbers and email addresses. Referring to previous Ledger breaches, Ethereum Name Service developer Nick Johnson said in a post that no one should recommend their hardware or use their libraries.
OK, so it’s clear @Ledger has learned nothing about OPSEC from its many breaches. At this point I don’t think anyone in good conscience should recommend their hardware or use their libraries.
– Nick.eth (@nicksdjohnson) 15 December 2023
According to Johnson, Ledger has shown a persistent disregard for operational security and is no longer entitled to “the benefit of the doubt that they will improve”.
Meanwhile, crypto trader and analyst Krillin criticized Ledger for spending a day deleting negative comments under its posts on X.
During the hack on December 14, the attackers used a phishing exploit to gain access to a former Ledger employee’s computer. The employee’s Node Package Manager JavaScript account was accessed, resulting in the breach.
After the hack, a community member advised Ledger to “open-source everything” and let the community be their “surgeon” to stitch them back together. The company announced on May 24 that it has open-sourced many of its applications and is committed to open-sourcing more of its code.
According to community members, transparency is not a luxury but a lifeline. “Trust, once lost, demands open promises, not hidden promises.”