News Report Software Technology
December 14, 2023

Ledger ConnectKit Library Compromised with a Drainer, Posing Security Risks to Web3 Apps

In Brief

Ledger’s ConnectKit library was breached, replacing the legitimate tool with a drainer script that exposed numerous Web3 apps.

Ledger ConnectKit Library Compromised, Posing Security Risks to Web 3.0 Applications

A security breach occurred in the Web3 sphere, compromising the Ledger ConnectKit library, crucial for linking Ledger Live with applications. This hack involves the replacement of the library with a ‘drainer’ script, posing a serious threat to user funds.

The compromised package, ConnectKit —- automatically loads a JavaScript script from cdn.jsdelivr.net, which includes a drainer, into the global scope.

This infiltration made the frontend of applications using this library vulnerable, particularly after user authorization. Reports indicate that attackers have altered the wallet connection modal window, putting all wallet owners at risk, not just those using Ledger Live.

Warnings Issued by Ledger Security

Notable cryptocurrency security experts, including banteg, have confirmed the Ledger library’s compromise and are advising against interactions with any decentralized applications (dApps) until more clarity emerges. The vulnerability appears to also affect the ledger connect-kit-loader, as it specifies the dependency loosely.

The attack potentially impacts a wide range of parties, as indicated by a list of affected libraries and applications using the @ledgerhq/connect-kit. Ledger’s suggestion to use connect-kit loader for loading connect-kit exacerbates the issue, as even pinned versions of the loader fetch the latest version of connect-kit, leading to widespread infiltration.

Attackers have managed to compromise a significant number of libraries by targeting just the connect-kit. Ledger identifies version 1.1.4 as the last known safe release, but considers all releases up to 1.1.7, posted on the day of the attack, as compromised.

This security incident underscores the critical importance of robust cybersecurity measures in the rapidly evolving Web 3.0 domain, where even well-established tools like Ledger’s library are not immune to sophisticated cyber attacks.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

More articles
Nik Asti
Nik Asti

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

Hot Stories
Join Our Newsletter.
Latest News

The Calm Before The Solana Storm: What Charts, Whales, And On-Chain Signals Are Saying Now

Solana has demonstrated strong performance, driven by increasing adoption, institutional interest, and key partnerships, while facing potential ...

Know More

Crypto In April 2025: Key Trends, Shifts, And What Comes Next

In April 2025, the crypto space focused on strengthening core infrastructure, with Ethereum preparing for the Pectra ...

Know More
Read More
Read more
Gate Transparency Report: 85% Employee Inclusion Rate And 3.2x Industry-High Retention Highlight Workforce Strength
Business News Report Technology
Gate Transparency Report: 85% Employee Inclusion Rate And 3.2x Industry-High Retention Highlight Workforce Strength
July 30, 2025
Binance Wallet Unveils DEX Pro Mode For Advanced Trading Experience
News Report Technology
Binance Wallet Unveils DEX Pro Mode For Advanced Trading Experience
July 30, 2025
Gate Launchpad: Enabling Early Investor Access To High-Potential Crypto Projects
News Report Technology
Gate Launchpad: Enabling Early Investor Access To High-Potential Crypto Projects
July 30, 2025
STON.fi Dev Raises $9.5M Series A Funding Round To Scale DeFi On TON
Business News Report Technology
STON.fi Dev Raises $9.5M Series A Funding Round To Scale DeFi On TON
July 30, 2025