🚨🚨🚨 DON'T USE ANY DAPP(Ledger's ConnectKit library compromised) - page 2.

AirtelBuzz

full member

Activity: 15

Merit: 1

Quote from: Gladitorcomeback on December 14, 2023, 09:15:27 AM

Don't interect wallet with any dapp because because Many applications haa been compromised and news comes that users wallet hacked while using Revoke cash. Wait for further details

This is biggest hack of the year as it's not limited to one particular project or contract, The whole Ledger labrary has been compromised. Panic sell started already but hope all will be normal in 24 hours. All Bitcointalk members especially airdrop hunters kindly be safe and don't use any dapp.

Quote

Warning: Multiple popular crypto applications that integrate with Ledger's ConnectKit library, including Revoke.cash have been compromised. We temporarily took the website offline as we're investigating further. We recommend not using *any* crypto website at all while this exploit is ongoing.

Source:
https://twitter.com/RevokeCash/status/1735282669808717958?s=19

The drainer actually pops up on top of the real Connect Wallet.

You will still need to connect and sign before get drained, but it’s better not to test as one can easily overlook while connecting with real Dapp

Twitter X: >https://twitter.com/iambullsworth/status/1735290127847415832?t=Lv6vV8_qZYUXy4XvcKECeA&s=19

julerz12

legendary

Activity: 2310

Merit: 1108

Telegram: @julerz12

Ledger already made an update about this.

Quote

Update:

The malicious version of the file was replaced with the genuine version at around 2:35pm CET.

The new genuine version should be propagated soon.

We will provide a comprehensive report as soon as it’s ready.

In the meantime, we’d like to remind the community to always Clear Sign your transactions - remember that the addresses and the information presented on your Ledger screen is the only genuine information.

If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.

Source: https://twitter.com/Ledger/status/1735298142118072512

Also found this tweet on how to check if you have the malicious library cached

Quote

The ledger issue is now fixed.

To make sure you don't have the malicious library cached, go to https://cdn.jsdelivr.net/npm/@ledgerhq/connect-kit@1 and ensure the version is 1.1.8.

If it's not, clear your cache. chrome- F12> Chrome Developer Tools > Application tab > Storage in left tree> Clear site data.

Source: https://twitter.com/Mudit__Gupta/status/1735301007188406681

Gladitorcomeback

hero member

Activity: 644

Merit: 591

#SWGT CERTIK Audited

Don't interect wallet with any dapp because because Many applications haa been compromised and news comes that users wallet hacked while using Revoke cash. Wait for further details

This is biggest hack of the year as it's not limited to one particular project or contract, The whole Ledger labrary has been compromised. Panic sell started already but hope all will be normal in 24 hours. All Bitcointalk members especially airdrop hunters kindly be safe and don't use any dapp.

Quote

Warning: Multiple popular crypto applications that integrate with Ledger's ConnectKit library, including Revoke.cash have been compromised. We temporarily took the website offline as we're investigating further. We recommend not using *any* crypto website at all while this exploit is ongoing.

Source:
https://twitter.com/RevokeCash/status/1735282669808717958?s=19

Topic: 🚨🚨🚨 DON'T USE ANY DAPP(Ledger's ConnectKit library compromised) - page 2. (Read 218 times)