Ledger faces a security breach on Dec 14, 2023 sparking industry-wide concern
Today, the cryptocurrency community was on edge as Ledger, a leading name in crypto security, grappled with a significant security breach. Bitcoin-only Ledger users might have been spared the direct impact, but the incident certainly rattled confidence across the board. Here's what went down:
Ledger responded rapidly, purging the malicious code within 40 minutes of its detection. Despite this quick response, the code remained active for about five hours, with a two-hour window where funds were vulnerable. The hacker managed to siphon off an estimated 500K in crypto assets. However, in a twist of fate, the conversion of these assets to USDT allowed Tether to track and freeze them, thanks to on-chain analysis.
Jameson Lopp, a respected voice in Bitcoin pointed out three key oversights at Ledger: the absence of specific version and checksum controls for code, the lack of strict 'two-man rules' for code review and deployment, and the failure to revoke access rights from former employees.
Apollo user surveys have consistently shown Ledger as a top choice for hardware wallets. Yet, this incident has led to a wave of reconsideration among users. On X notable crypto investor Mike Dudas, said this is the last strike for him with Ledger.
If you're contemplating a switch from Ledger, Apollo recommends the Blockstream Bitcoin-Only Jade Wallet. With a 4.5-star rating from Apollo users, it's lauded for its robust security, user-friendliness, and affordability.