News Report Software Technology
December 14, 2023

Ledger ConnectKit Library Compromised with a Drainer, Posing Security Risks to Web3 Apps

In Brief

Ledger’s ConnectKit library was breached, replacing the legitimate tool with a drainer script that exposed numerous Web3 apps.

Ledger ConnectKit Library Compromised, Posing Security Risks to Web 3.0 Applications

A security breach occurred in the Web3 sphere, compromising the Ledger ConnectKit library, crucial for linking Ledger Live with applications. This hack involves the replacement of the library with a ‘drainer’ script, posing a serious threat to user funds.

The compromised package, ConnectKit —- automatically loads a JavaScript script from cdn.jsdelivr.net, which includes a drainer, into the global scope.

This infiltration made the frontend of applications using this library vulnerable, particularly after user authorization. Reports indicate that attackers have altered the wallet connection modal window, putting all wallet owners at risk, not just those using Ledger Live.

Warnings Issued by Ledger Security

Notable cryptocurrency security experts, including banteg, have confirmed the Ledger library’s compromise and are advising against interactions with any decentralized applications (dApps) until more clarity emerges. The vulnerability appears to also affect the ledger connect-kit-loader, as it specifies the dependency loosely.

The attack potentially impacts a wide range of parties, as indicated by a list of affected libraries and applications using the @ledgerhq/connect-kit. Ledger’s suggestion to use connect-kit loader for loading connect-kit exacerbates the issue, as even pinned versions of the loader fetch the latest version of connect-kit, leading to widespread infiltration.

Attackers have managed to compromise a significant number of libraries by targeting just the connect-kit. Ledger identifies version 1.1.4 as the last known safe release, but considers all releases up to 1.1.7, posted on the day of the attack, as compromised.

This security incident underscores the critical importance of robust cybersecurity measures in the rapidly evolving Web 3.0 domain, where even well-established tools like Ledger’s library are not immune to sophisticated cyber attacks.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

More articles
Nik Asti
Nik Asti

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

Hot Stories
Join Our Newsletter.
Latest News

Crypto In April 2025: Key Trends, Shifts, And What Comes Next

In April 2025, the crypto space focused on strengthening core infrastructure, with Ethereum preparing for the Pectra ...

Know More

From Ripple to The Big Green DAO: How Cryptocurrency Projects Contribute to Charity

Let's explore initiatives harnessing the potential of digital currencies for charitable causes.

Know More
Read More
Read more
White Hat Hacker Reveals Critical Flaw In Scroll, Co-Founder Defends Protocol Security
News Report Technology
White Hat Hacker Reveals Critical Flaw In Scroll, Co-Founder Defends Protocol Security
April 30, 2025
Crypto In April 2025: Key Trends, Shifts, And What Comes Next
Analysis News Report Technology
Crypto In April 2025: Key Trends, Shifts, And What Comes Next
April 30, 2025
Vitalik Buterin Calls For Community Discussion On Ethereum Decentralization Goals And Gas Limit Strategy
News Report Technology
Vitalik Buterin Calls For Community Discussion On Ethereum Decentralization Goals And Gas Limit Strategy
April 30, 2025
COTI Becomes Founding Member Of Saudi Arabia AI And Blockchain Centre
Business News Report Technology
COTI Becomes Founding Member Of Saudi Arabia AI And Blockchain Centre
April 30, 2025