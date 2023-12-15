The wallet company confirmed this week’s exploit was an unfortunate isolated incident, after which Ledger launched Connect Kit version 1.1.8 on December 14, disabling the malicious code in Ledger and WalletConnect. Users are now safe, but as an extra precaution, it is recommended to wait 24 hours and clear the browser cache.

Ledger’s president and CEO, Pascal Gauthier, revealed that the security breach occurred when a former staff member became the victim of a phishing attack.

This enabled a malicious actor to upload a harmful file to Ledger’s npmjs, a JavaScript code package manager that is shared across all applications.

Collaborating with partner WalletConnect, Ledger responded rapidly to the incident and managed to eliminate and deactivate the malicious code on NPMJS within 40 minutes of its discovery.

In an update, Gauthier revealed that standard practice on the Paris-based crypto hardware wallet platform is that no one can deploy code without review from multiple parties. They acknowledged that they have strong access controls, internal reviews, and code multi-signature when it comes to most parts of its development.

Additionally, when an employee leaves the company, their access to all ledger systems is immediately revoked.

“This was an unfortunate isolated incident. This is a reminder that security is not static, and Ledger must continually improve our security systems and processes. In this area, Ledger will implement stronger security controls by adding our build pipeline, which applies strict software supply chain security to the NPM distribution channel.

Ledger said he is actively cooperating with authorities and assured that he will continue to assist in the ongoing investigation.

The platform said it will continue to work with affected users, cooperate to identify the responsible party, ensure legal consequences, trace the funds and cooperate with law enforcement to facilitate the recovery of the assets stolen from the hacker. .

