On Dec. 14, 2023, Ledger’s Connect Kit, a Javascript library for wallet connectivity, suffered a significant exploit. This incident, which was contained within two hours, has brought forth a number of criticisms of Ledger’s security practices.
Ledger Exploit Elicits Mixed Reactions From Crypto Sphere; Dapps and Tether Respond Promptly to Breach
Ledger, known for its crypto security solutions and hardware wallet manufacturing, faced an exploit in its Ledger Connect Kit, a Javascript tool used to connect websites to wallets. The breach, which lasted less than two hours, did not impact Ledger’s hardware or Ledger Live but was confined to third-party decentralized applications (dapps) using the Connect Kit. However, this has raised questions about Ledger’s software security protocols.
Jameson Lopp, a prominent figure in the crypto community and CTO of the bitcoin security provider Casa, pointed out three critical failures at Ledger: “Blindly loading code without pinning a specifi
We współpracy z: https://news.bitcoin.com/connect-kit-exploit-sparks-criticism-of-ledgers-security-framework/
