Dec 15, 2023

Ledger Drama - December 2023: A Tense Day for Crypto Security

Ledger faces a security breach on Dec 14, 2023, sparking industry-wide concern

Today, the cryptocurrency community was on edge as Ledger, a leading name in crypto security, grappled with a significant security breach. Bitcoin-only Ledger users might have been spared the direct impact, but the incident certainly rattled confidence across the board. Here's what went down:

The Exploit

On December 14, 2023, Ledger's Connect Kit, a crucial JavaScript library for linking websites with crypto wallets, was compromised. The root cause? A phishing attack on a former employee, which led to the introduction of harmful code into the system.

Swift Action, But Not Swift Enough?

Ledger responded rapidly, purging the malicious code within 40 minutes of its detection. Despite this quick response, the code remained active for about five hours, with a two-hour window where funds were vulnerable. The hacker managed to siphon off an estimated 500K in crypto assets. However, in a twist of fate, the conversion of these assets to USDT allowed Tether to track and freeze them, thanks to on-chain analysis.

Critique from a Crypto Veteran

Jameson Lopp, a respected voice in Bitcoin, pointed out three key oversights at Ledger: the absence of specific version and checksum controls for code, the lack of strict 'two-man rules' for code review and deployment, and the failure to revoke access rights from former employees.
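What the first of those controls, an exact version pin plus a checksum, looks like for a JavaScript dependency is sketched below. This is an added example, not code from the original post or from Ledger; the package names, manifest and file contents are constructed for illustration.

```javascript
// Added example: flag floating version ranges and verify a pinned checksum.
const { createHash, timingSafeEqual } = require("node:crypto");

// Only an exact version counts as pinned: "1.2.3" passes, while
// "^1.2.3", "~1.2.0", "1.x", "*" and "latest" can resolve to a new release.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function findFloatingDeps(manifest) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  return Object.entries(deps)
    .filter(([, range]) => !EXACT_VERSION.test(range))
    .map(([name, range]) => `${name}@${range}`);
}

// Subresource Integrity style string: "<algorithm>-<base64 digest>".
function sriDigest(bytes, alg = "sha512") {
  return `${alg}-${createHash(alg).update(bytes).digest("base64")}`;
}

// Recompute the digest of the bytes actually received and compare it with
// the value recorded when the code was reviewed. Unknown algorithms fail closed.
function verifyArtifact(bytes, expectedSri) {
  const alg = expectedSri.slice(0, expectedSri.indexOf("-"));
  if (!["sha256", "sha384", "sha512"].includes(alg)) return false;
  const actual = Buffer.from(sriDigest(bytes, alg));
  const expected = Buffer.from(expectedSri);
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// Constructed sample data (hypothetical package names and file contents).
const manifest = {
  dependencies: { "example-connect-kit": "^1.1.0", "example-ui": "2.4.1" },
};
const reviewedBuild = Buffer.from("export const connect = () => 'reviewed';");
const tamperedBuild = Buffer.from("export const connect = () => 'tampered';");
const pinnedSri = sriDigest(reviewedBuild); // recorded at review time

function demo() {
  return {
    floating: findFloatingDeps(manifest),
    reviewedOk: verifyArtifact(reviewedBuild, pinnedSri),
    tamperedOk: verifyArtifact(tamperedBuild, pinnedSri),
  };
}

console.log(demo());
```

A floating range lets a newly published release reach users without any change on the consuming site, and a recorded checksum makes a swapped file fail verification instead of loading.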

Market Reaction

Apollo user surveys have consistently shown Ledger as a top choice for hardware wallets. Yet this incident has led to a wave of reconsideration among users. On X, notable crypto investor Mike Dudas said this is the last strike for him with Ledger.

[Figure: Apollo Users: Hardware Wallet Popularity]

Looking for Alternatives?

If you're contemplating a switch from Ledger, Apollo recommends the Blockstream Bitcoin-Only Jade Wallet. With a 4.5-star rating from Apollo users, it's lauded for its robust security, user-friendliness, and affordability.