Author

Topic: Ledger seem compromised again (Read 398 times)

hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
December 22, 2023, 03:51:46 PM
#32
I wonder if Ledger is regretting their decision to support scamcoins yet? -- seams like it may ultimately cost them their business.
I doubt they do.  They earned most of their income and profit through Shit Coins.  Otherwise I doubt any body would have preferred Ledger on top of Trezor.

Supporting Shit Coins seems to be their purpose and priority.  Unfortunately a few of us will say it was a mistake but most of their customers will keep praising them for supporting all the Coins we never really needed.
legendary
Activity: 1722
Merit: 5937
December 22, 2023, 11:45:52 AM
#31
Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed.
They maybe lost reputation among more knowledgebale userbase, but vast majorify of their users probably never even heard about recovery service and what's even worse, they wouldn't even mind using it once introduced.


Lets see if Ledger will be able to keep up with the competition.
Unfortunately, situation is opposite and Ledger is still the market leader, despite all the mistakes made in the last couple of years and imho it will need a major breach for them to lose that spot.
hero member
Activity: 2884
Merit: 579
Hire Bitcointalk Camp. Manager @ r7promotions.com
December 21, 2023, 04:39:42 PM
#30
Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.  

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.
That's good news for those affected on it. But I guess this is going to be the last time that they'd do a refund for the affected users since it is their fault.

Next time that something like this happens again, I don't think that they'll initiate a refund against the actions of these users. Both are at fault but Ledger should stop making a lot of support for these projects and should only stay to a few chosen.

Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed.
Yeah, that recover feature. That already made a huge noise on their reputation but we're not their target with such feature and sadly, despite the community's action against that. There will be newbies that will embrace that feature.
legendary
Activity: 3220
Merit: 1363
www.Crypto.Games: Multiple coins, multiple games
December 21, 2023, 04:36:16 PM
#29
Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.

Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed. The hack involving Ledger Connect only adds more fuel to the fire. Noobs won't care about this, but crypto veterans like me will start looking for other alternatives. If the majority of Ledger's customers are crypto veterans, then this will mark the end of its business for good. We are yet to see whenever the company will survive or fade away into oblivion.

For what I know, there are plenty of alternatives that put security/reliability above all else. Open source hardware wallets like Jade and Passport are starting to gain traction. Lets see if Ledger will be able to keep up with the competition. As long as we have multiple hardware wallets to choose from, nothing else matters. Smiley
member
Activity: 302
Merit: 46
NO SHITCOIN INSIDE
December 20, 2023, 11:33:05 PM
#28
I wouldn't trust anything involving shitcoins aka altcoins, web3, dapps, nfts all just a bunch of  great ways to lose your money.

All of the above are just a bunch of stupid fancy buzzwords but in reality are nothing but high tech scams that have little to nothing in common with bitcoin,
the only truly trustless and decentralized asset. Every single day for the last 10 years you hear constantly about people getting scammed with this garbage,
and yet people still don't learn.

You know what they say idiots and their money are soon parted.
sr. member
Activity: 966
Merit: 306
December 20, 2023, 08:50:35 PM
#27
Eh, If I were affected I'd probably stop using them even after they reimburse me. This blind signing aside, they made many questionable decisions in the last few months that users should be aware of.
Did you imply about their new product, Ledger Recover?

Ledger Recover and Ledger Recover FAQs

That new product from Ledger is sucky as the root cause to use a hardware wallet is to have our control on our wallet private keys/ wallet mnemonic seeds and don't rely on any party to have access to private keys, wallet seeds and our bitcoin.

Months ago, with release of Ledger Recover product, they give Ledger users an option to back up wallets with engagement of three parties. It sucks!

Quote
The more worrying thing is the reliance on their connectkit by dapps developers. They should improve their internal security and fix how a new update is published so that one phishing attack doesn't result in the same thing, while developers try to build/use alternatives so that they don't make chain attacks easier. CMIIW.
It is bad idea from Ledger developers but users themselves have own responsibilities too.

Hardware wallets must be used for storing their main capital.

If they want to interact with smart contracts, new projects, they must move their cryptocurrencies from a hardware wallets to some different smaller wallets. And they can use those wallets for smart contract interaction explorations, with other wallets like Metamask, MyEtherwallets and more.
legendary
Activity: 2170
Merit: 1789
December 20, 2023, 08:25:54 PM
#26
But since they have a reimbursement to make to those affected by that issue, for sure their users will be happy, and this is good news for them so that their trust will still remain in the ledger. That's how I see it, and that's a good step.
Eh, If I were affected I'd probably stop using them even after they reimburse me. This blind signing aside, they made many questionable decisions in the last few months that users should be aware of. The more worrying thing is the reliance on their connectkit by dapps developers. They should improve their internal security and fix how a new update is published so that one phishing attack doesn't result in the same thing, while developers try to build/use alternatives so that they don't make chain attacks easier. CMIIW.
hero member
Activity: 952
Merit: 555
December 20, 2023, 10:19:31 AM
#25
If you are using ledger hardware wallet please do not connect to any dapps right now until futher notice, it seems this hardware wallet is freaking too vulnerable to attacks right now.

It was back then when ledger hardware wallet was making fame because users find nothing against it used and will always want to have it among the most recommended wallets, but now things are no more like that with the same hardware wallet, ledger has compromised privacy and data leak, we need to get used to this related activities because that is one of the reasons we must always stay updated to know about the security challenges or privacy bridge from any of the kinds of wallet we are using.
hero member
Activity: 812
Merit: 619
December 20, 2023, 10:08:41 AM
#24
Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.  

There is no way except this step to retain the trust of crypto users and web3 platforms. This is positive news for all users whose wallet drained especially lost big. Besides reimbursing the plan for tighten the security is also good news where signing system will be become strong.

Online security plays an important role in the world of cryptocurrency. Cryptocurrencies are considered secure because it's operate on a blockchain however this type of incident will create fear so it should be tighten in extreme level so that no one even think about breaking security.
full member
Activity: 896
Merit: 117
PredX - AI-Powered Prediction Market
December 20, 2023, 09:50:36 AM
#23
Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.  

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.

That's good news if the ledger is going to do that for the users of the ledger who are affected by what has already been compromised. Actually, this incident that happened is quite alarming.

But since they have a reimbursement to make to those affected by that issue, for sure their users will be happy, and this is good news for them so that their trust will still remain in the ledger. That's how I see it, and that's a good step.
legendary
Activity: 1722
Merit: 5937
December 20, 2023, 08:26:37 AM
#22
Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.  

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.
staff
Activity: 4284
Merit: 8808
December 16, 2023, 07:12:19 PM
#21
I wonder if Ledger is regretting their decision to support scamcoins yet? -- seams like it may ultimately cost them their business.

It's hard enough to handle bitcoin securely, but to handle alternatives whose designs have big security problems and then to support a thousand of them? It's a recipe for disaster on the basis of complexity alone.
hero member
Activity: 2464
Merit: 594
December 16, 2023, 06:18:24 AM
#20
According to recent reports, Ledger’s Connect Kit software was compromised, and over $600K in crypto was reportedly drained. Ledger issued an update to its software a few hours after the incident, but users are advised to be cautious about interacting with apps for now. However, it’s important to note that Ledger’s software inside of the hardware wallet was not compromised. The issue lies with the Ledger Connect Kit software, not the hardware wallet itself. So, while your crypto assets should still be secure, it’s recommended to avoid connecting to any decentralized applications temporarily until further notice.

https://economictimes.indiatimes.com/news/international/us/why-has-hardware-wallet-manufacturer-ledger-warned-users-not-to-connect-to-any-dapps/articleshow/106000442.cms
https://insidebitcoins.com/news/ledgers-crypto-nft-hardware-wallet-got-hacked-over-600k-crypto-drained
https://finance.yahoo.com/news/ledger-wallets-drained-crypto-latest-165413366.html
legendary
Activity: 2170
Merit: 1789
December 16, 2023, 06:04:13 AM
#19
the CEO is claiming their doing everything under their power to actually maintain the issue from getting out of hand but it would be best for everyone that is using the wallet to actually lay off and stay on a low because it's better to play safe than be ignorant and suffer the cost.
The issue is related to their dapps software, not the HW itself as far as I understand it. Basically a lot of dapps use their connectkit to interact with web3 wallet and somebody managed to publish a fake version of it. While they've published the right version, people should at least their browser cache to ensure they don't cache the fake version. It doesn't matter whether you use Ledger HW or not, as long as your favorite dapps use Ledger's connectkit, you're at risk if you don't do that.

Ledger should improve how they educate their employees since all of this happens because of a phishing attack, which in theory should not be unfamiliar for people who work at a crypto company.
full member
Activity: 476
Merit: 230
God is All
December 16, 2023, 02:11:23 AM
#18
All over Twitter people are filming themselves destroying their ledgers. This is numerous times that something like this has happened. Do you feel safe storing your crypto this way?

Ledger needs to be open sourced and the chances of this happening will be lower, however since they are for profit they obviously aren’t going to do that.

Best cold storage these days is anything that is open sourced.
I don't have any business with ledger wallet whatsoever but its seem the hack was really big although the CEO is claiming their doing everything under their power to actually maintain the issue from getting out of hand but it would be best for everyone that is using the wallet to actually lay off and stay on a low because it's better to play safe than be ignorant and suffer the cost.

Aslo read this article ledger wallet hack about some of the stolen assets worth $60000 has been frozen by the appropriate network in charge of the transaction.
sr. member
Activity: 1666
Merit: 426
December 16, 2023, 02:05:41 AM
#17
Whoever was the weakest link in the backend of Ledger is going to have his ass handed to him, this isn't just some minor issue because a lot of people have trusted Ledger for a really long time and this happening to them is definitely a damage to their reputation. Hopefully the problem is going to be addressed and that they will find some way to compensate the people that was a victim of the hack and that the authorities are on the case because this is the type of cyber criminal that needs to be punished, no way that there's no malice involved in doing this unlike most hackers that do it for the challenge or the thrill.
sr. member
Activity: 1386
Merit: 406
December 16, 2023, 02:00:51 AM
#16
Currently users are facing several issues with this hardware wallet. It is believed that users are facing such problems due to their security system being weak. This company once had a good reputation but due to weak security systems, their reputation has been ruined and their user base has dropped drastically. They are finding it difficult to survive in the market as they are now and not sure if this company can survive at all.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
December 16, 2023, 01:37:45 AM
#15
If you are using ledger hardware wallet please do not connect to any dapps right now until futher notice, it seems this hardware wallet is freaking too vulnerable to attacks right now.
I have been seeing that news on many Telegram channels that I have subscribed and other social media platforms are also reporting that news. If that's the case then one should be careful with the Ledger wallet. That's why I always recommend everyone to use open-source software base wallet instead of relying on hardware wallets.

The open-source software wallets are much secure as compare to the hardware wallets and I believe the ones who rely on hardware wallets can be huge troubles. Trusting someone's hardware is a risky thing and that's why I believe software based personal wallets works like a charm. I would prefer to go with Electrum as that's the one I use and I will always recommend it.

I hope that users will be safe from this hack and they may not lose any of their funds due to the hardware wallet vulnerabilities. A reminder to those who save their Bitcoin on hardware wallets. Kindly, go with an open source software wallet and an air gapped system to be secure as a Bitcoin holder.
hero member
Activity: 868
Merit: 952
December 16, 2023, 01:34:23 AM
#14
All over Twitter people are filming themselves destroying their ledgers. This is numerous times that something like this has happened. Do you feel safe storing your crypto this way?

I think this one of the last stroke for people using Ledger hardware wallets, they might not be affected yet especially people storing only bitcoin but what happens next? Their new recovery policy was already a warning and after this I would say people should be careful about the product.

Quote
Ledger needs to be open sourced and the chances of this happening will be lower, however since they are for profit they obviously aren’t going to do that.

They have actually opted to go for open source after the recovery saga and many users complained I don’t know if they have implemented it or not but still that won’t bring back the trust that has already been broken.

Quote
Best cold storage these days is anything that is open sourced.

Not that open source wallet are even 100% temper proof from hacks even the likes of Trezor still have there vulnerabilities although with the code public users who are tech savvy can easily dictate a back door even though not all. I will consider a cold wallet set up by me personally on an airgap device more secure this days.
sr. member
Activity: 896
Merit: 303
December 16, 2023, 01:24:07 AM
#13
I have a Ledger hardware wallet, but I don't feel safe storing it here because it has been compromised before. If there is more news of it being compromised again, I would be forced to sell it.

All over Twitter people are filming themselves destroying their ledgers. This is numerous times that something like this has happened. Do you feel safe storing your crypto this way?
Ledger needs to be open sourced and the chances of this happening will be lower, however since they are for profit they obviously aren’t going to do that.
Best cold storage these days is anything that is open sourced.

I don't think the company will refrain from doing such things because it's their business and they want to earn more profit. However, I hope they will take all the necessary measures to prevent such incidents from happening again in the future. If this issue persists, it could damage the reputation of the company. Who knows if potential customers will trust their hardware wallet if there are always security issues?
legendary
Activity: 3808
Merit: 1723
December 16, 2023, 01:00:33 AM
#12
All over Twitter people are filming themselves destroying their ledgers. This is numerous times that something like this has happened. Do you feel safe storing your crypto this way?

Ledger needs to be open sourced and the chances of this happening will be lower, however since they are for profit they obviously aren’t going to do that.

Best cold storage these days is anything that is open sourced.
hero member
Activity: 1316
Merit: 787
Rollbit - The #1 Solana Casino
December 15, 2023, 04:20:32 AM
#11
Their CEO has explained this hack. And as people here say, as long as users only use Bitcoin, it doesn't matter at all.
CEO Ledger has collaborated with law enforcement to follow up on this process. According to Pascal Gauthier, Ledger will implement a stronger security system in the future after this incident. Gauthier added that Ledger Connect Kit 1.1.8 is secure.

This source comes from Cointelegraph.
https://cointelegraph.com/news/ledger-ceo-explains-hack-calls-it-isolated-incident
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
December 15, 2023, 01:05:09 AM
#10
tl;dr your Ledger hardware wallet is fine. This security issue concerns the Ledger Connect Kit, in which a hacker used malicious code to display a separate wallet connection UI modal on DeFi protocols.

Some facts:

1. You need to confirm a malicious transaction on your Ledger device for your funds to be stolen
2. This was caused by a phished account of an ex-employee hence the hacker was able to push code
3. This security issue is only with concern to EVM(Ethereum Virtual Machine)-related platforms. If you're bitcoin-only, you're totally unaffected.
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
December 14, 2023, 11:48:22 PM
#9
It's been one shitshow after another for Ledger these past couple of years. They've had a database breach, the Ledger Recover controversy, the Ledger Stax device which remains undelivered after they started accepting pre-orders over a year ago, now there is this hack which compromised any dapp using the ConnectKit library.

After being the most popular hardware wallet for a long time they have now completely destroyed their reputation with all these blunders. I can't imagine anyone who would still trust them enough to store their private keys on one of their devices.
hero member
Activity: 1344
Merit: 583
December 14, 2023, 10:17:25 PM
#8
You can't trust those ledger devices as far as you can throw them nowadays, especially after the stunts they have pulled. Their reputation is completely screwed and it is sad to see it happen but having this happen now on top of all of that? I'm not sure how much longer the company will last if they continue being so vulnerable and going against the best interests of their users.
sr. member
Activity: 406
Merit: 371
December 14, 2023, 12:18:36 PM
#7
If you are using ledger hardware wallet please do not connect to any dapps right now until futher notice, it seems this hardware wallet is freaking too vulnerable to attacks right now.




The ledger issue is now fixed.



source: > https://twitter.com/Mudit__Gupta/status/1735301007188406681
legendary
Activity: 966
Merit: 1042
#SWGT CERTIK Audited
December 14, 2023, 12:10:59 PM
#6
It's only if you install new software. I don't update to newest versions right away because I've learned over the years that updates often are unstable and you have to install fixes later. It's better to wait for a while.

Also, they're fixing this, so if you still using ledger, wait a few days until it calms down and move it to something better. Their updates that allowed them to access your wallet were the first warning for users that this company is not the best choice. Now there's this little problem. Let's see how many people lose their savings because of this bug.

Well, that's right. I've been trying some testnet nodes and they are frequently sending updates, I was worried about the system security because even after installing all those updates, the system was not behaving smoothly.

Anyway, it's about the ledger, hmm other reliable options are compared to the legder because the update you've mentioned was briefly covered in many topics here, At that time as well people were moving from the ledger. I think Trezor is one of the renowned ones.
legendary
Activity: 2814
Merit: 1192
December 14, 2023, 11:23:12 AM
#5
It's only if you install new software. I don't update to newest versions right away because I've learned over the years that updates often are unstable and you have to install fixes later. It's better to wait for a while.

Also, they're fixing this, so if you still using ledger, wait a few days until it calms down and move it to something better. Their updates that allowed them to access your wallet were the first warning for users that this company is not the best choice. Now there's this little problem. Let's see how many people lose their savings because of this bug.
full member
Activity: 1008
Merit: 139
★Bitvest.io★ Play Plinko or Invest!
December 14, 2023, 11:07:50 AM
#4
Ledger's having some problems recently.  Not sure what's going on over there, but seems their hardware wallets are dealing with security vulnerabilities lately and  they used to be the best option for most folks wanting a hardware wallet.  But I've seen a bunch of reports about issues compromising security.  Id hold off linking your Ledger to any decentralized apps until we get an all-clear.  Who knows if connecting it could put your crypto at risk given their ongoing problems.
legendary
Activity: 966
Merit: 1042
#SWGT CERTIK Audited
December 14, 2023, 10:46:00 AM
#3
Yep! I've seen so many community alert posts on social media, indicating the compromise of the Ledger's ConnectKit Library with Revoke. Cash. I've personally taken some actions and disconnected all of my active connections with most of Dapps. Playing safe in such circumstances is good for funds.

I'm not sure why are you creating this thread so late and TBH I've not scrolled any other section yet, maybe there are some of early threads already covering this topic.

legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
December 14, 2023, 10:02:38 AM
#2
If you are using ledger hardware wallet please do not connect to any dapps right now until futher notice, it seems this hardware wallet is freaking too vulnerable to attacks right now.



The picture says "More details below". Isn’t it just by clicking on such links that fun adventures with hacked wallets and everything else begin? Smiley

It was possible to copy / paste part of the text with the main idea of the article here, right? Of course, with reference to the original source. So that forum users can find out everything regarding this incident right here.
sr. member
Activity: 728
Merit: 388
Vave.com - Crypto Casino
December 14, 2023, 09:24:33 AM
#1
If you are using ledger hardware wallet please do not connect to any dapps right now until futher notice, it seems this hardware wallet is freaking too vulnerable to attacks right now.

Jump to: