Watch Your Ledger! ConnectKit Exploit Puts dApp & DeFi Users At Risk

KEY TAKEAWAYS

A critical exploit in the Ledger ConnectKit library has been discovered, putting multiple dApps at risk through no fault of their own. Be careful connecting your Ledger to dApps today.

Today might be a good day to stay off decentralized finance (DeFi).

In a recent cybersecurity incident that has sent shockwaves through the decentralized application (dApp) ecosystem, a critical exploit in the Ledger ConnectKit library has been discovered, putting multiple dApps at risk. 

The security breach stems from a compromised software library connected to Ledger, a renowned hardware wallet provider, and has raised serious concerns over the safety of digital assets.

Origin of the Exploit: How Was Ledger ConnectKit Compromised?

Developers first flagged the vulnerability on Twitter, and security firm Blockaid later confirmed it as a “supply chain attack” on Ledger’s ConnectKit.

The attackers replaced the legitimate library software with malicious code designed to drain assets from unsuspecting users.

SushiSwap CTO Matthew Lilley identified the root cause as a compromise of the content delivery network (CDN) hosting the ConnectKit software library. 

According to Lilley, any dApp using Ledger’s ConnectKit was susceptible to the exploit.
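
A general defence against a CDN-hosted script being swapped for altered code is to pin the expected file hash with Subresource Integrity (SRI). The following is an added example, not code from Ledger or any affected dApp: it lists the cross-origin scripts on a page that carry no `integrity` pin and checks a fetched script body against a pin. All host names, file names and script bodies in it are constructed.

```javascript
// Added example: Subresource Integrity (SRI) checks for CDN-hosted scripts.
const { createHash } = require('node:crypto');

// SRI value ("sha384-<base64 digest>") for a script body.
function sriDigest(body, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(body).digest('base64')}`;
}

// True only if the body hashes to one of the space-separated pins.
function matchesPin(body, integrity) {
  return integrity.trim().split(/\s+/).some((pin) => {
    const m = /^(sha256|sha384|sha512)-/.exec(pin);
    return m !== null && pin === sriDigest(body, m[1]);
  });
}

// List cross-origin <script src> URLs that carry no integrity attribute.
// Simplified regex scan, adequate for the constructed sample below.
function auditScripts(html, pageOrigin) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attr = (name) =>
      (new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(tag) || [])[1];
    const src = attr('src');
    if (!src) continue; // inline script: nothing is fetched
    const url = new URL(src, pageOrigin);
    if (url.origin === new URL(pageOrigin).origin) continue; // served by the dApp itself
    if (!attr('integrity')) findings.push(url.href);
  }
  return findings;
}

// Constructed sample data (not the real library or its URLs).
const GENUINE = 'export const connect = () => "wallet";';
const SWAPPED = GENUINE + ' /* altered on the CDN */';
const PIN = sriDigest(GENUINE);
const PAGE = `
<script src="/static/app.js"></script>
<script src="https://cdn.example/connect-kit.js"></script>
<script src="https://cdn.example/ui.js" integrity="${PIN}" crossorigin="anonymous"></script>`;

console.log('unpinned third-party scripts:', auditScripts(PAGE, 'https://dapp.example'));
console.log('genuine matches pin:', matchesPin(GENUINE, PIN));
console.log('swapped matches pin:', matchesPin(SWAPPED, PIN));
```

A pin only helps when the URL points at one fixed build; a script tag that tracks a moving "latest" file cannot be pinned, because every legitimate release would also change the hash.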

Impact on Decentralized Applications (dApps)

The attack’s implications were immediate and widespread, with repercussions across the crypto industry.

Several prominent dApps, including Kyber and RevokeCash, acknowledged the threat and disabled their front ends as a precautionary measure. 

The injected malicious code could affect the front ends of multiple dApps, leading to a significant risk for users and their assets.

Blockaid estimated the initial loss at around $150,000, which later escalated to over half a million dollars.

In response, stablecoin issuer Tether blacklisted the hacker’s address to prevent further transactions.

Ledger’s Crisis Response and Updated Security Measures

Ledger quickly acknowledged the issue, stating, “We have identified and removed a malicious version of the Ledger ConnectKit. A genuine version is being pushed to replace the malicious file now.” 

They advised users not to interact with any dApps until the situation was fully resolved. 

The hardware wallet manufacturer emphasized that Ledger devices and the Ledger Live app were not compromised in the attack.

Later, in an industry-wide alert, MetaMask, a leading Web3 wallet app, warned that the incident affected all users, not just Ledger customers. 

MetaMask promptly deployed a fix for its app and urged users to update to the latest version for safety.

The Scope and Severity of the Latest Crypto Attack

The compromised version of ConnectKit, the library that lets Ledger hardware wallets interact with dApps, facilitated unauthorized asset transfers.

Ethereum core developer liaison Hudson Jameson underscored the risk, advising users to exercise caution with dApps until the impacted projects updated their systems with Ledger’s corrected code.

While the exact sum lost so far has yet to be calculated, this incident is not Ledger’s first encounter with security issues. 

In November this year, a fraudulent Ledger app on the Microsoft App Store led to nearly $1 million in losses. 

Additionally, in 2020, Ledger faced backlash after a hack compromised over a million user emails. 

Ledger’s recent voluntary ID-based Recover service, though unrelated to this exploit, also drew criticism for perceived security flaws.

The Bottom Line: A Wake-Up Call for Enhanced Security Measures

The exploitation of Ledger’s ConnectKit library serves as a stark reminder of the vulnerabilities in the digital asset ecosystem, particularly concerning third-party integrations and dependencies. 

As the crypto industry continues to evolve, the importance of robust security measures and rapid response protocols cannot be overstated. 

For users and developers alike, this incident highlights the need for heightened vigilance and a comprehensive understanding of the underlying technologies and libraries they depend on.

For today, and every day… Tread carefully.

Sam Cooling
Crypto and Blockchain Writer

Sam Cooling is a crypto, finance, and business journalist based in London. Along with Techopedia, his work has appeared in Yahoo Finance, Coin Rivet, and other leading publications in the finance space. His interest in cryptocurrencies is driven by a passion for leveraging decentralized blockchain technologies to empower marginalized communities around the world. This includes enhancing financial transparency, banking the unbanked, and improving agricultural supply chains. Sam holds a Masters in Development Management from the London School of Economics and has worked as a junior research fellow at the UK Defence Academy.