Major Security Incident Affects Ethereum Virtual Machine Ecosystem

Multiple DApps Impacted by Attack on Ledger Connector Library

A recent security incident involving the Ledger connector library has raised concerns about the safety of the entire Ethereum Virtual Machine (EVM) ecosystem. The hacker targeted the library, which facilitates communication between Ledger hardware wallets and decentralized applications (DApps). Wallet provider MetaMask has also been affected by the attack, prompting warnings to web3 users.

MetaMask Deploys Update to Address Vulnerability

MetaMask has taken swift action to address the issue by deploying an update. Users on the latest version (v2.121.0) will be automatically updated and should be able to transact again. However, users of previous versions are advised to refresh their site data to ensure their safety.

Other Protocols Affected by the Security Breach

In addition to MetaMask, several other protocols have been impacted by the attack, including Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash. Blockchain security firm Certik has warned that any DApp importing the ledger CDN may execute the malicious code, potentially compromising user funds.

Compromised Ledger Connector Library Poses Risks for EVM Users

Ledger is a widely used hardware wallet within the crypto community, and its connector library plays a critical role in facilitating transactions with DApps. If compromised, this library could pose significant risks to EVM users. The attack was carried out by an individual who gained unauthorized access to a former Ledger employee's NPMJS account.

Ledger Urges Caution and Releases Fix

Ledger responded promptly to the incident, releasing a fix approximately 40 minutes after discovering the issue. However, as a precautionary measure, the company advises users to wait 24 hours before using the Ledger Connect Kit again. The investigation into the attack is ongoing.

Potential Impact of the Security Breach

Blockchain analytics platform Lookonchain estimates that the hacker may have stolen assets worth nearly $484,000. However, Ledger acknowledges that the true impact of the breach could be even greater.

Stay tuned for further updates on this developing story.