Ledger's Recent Security Scare: Everything you need to know

What exactly happened?

A vulnerability was discovered in Ledger Connect Kit, a software library used by other applications to connect to Ledger wallets. This vulnerability could have potentially allowed attackers to trick users into approving unauthorised transactions.

🚨We have identified and removed a malicious version of the Ledger Connect Kit. 🚨

A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.

Your Ledger device and…

— Ledger (@Ledger) December 14, 2023

Ledger’s previous controversies

1. Recover" Feature and KYC Concerns (July 2023):

In July 2023, Ledger introduced a subscription-based feature called "Recover" that allowed users to access their wallets even if they lost their seed phrase. The feature required users to provide KYC information, which clashed with Ledger's long-standing focus on privacy and self-custody. Many users felt this compromised the decentralization and security principles of crypto.

Ledger faced significant backlash and ultimately backtracked on the mandatory KYC requirement for Recover. They clarified their commitment to privacy and announced future improvements to the feature.

2. Data Breach and Security Vulnerabilities (April 2023):

Ledger suffered a data breach where customer email addresses and phone numbers were leaked. Additionally, security researchers discovered vulnerabilities in some Ledger hardware wallets. The breach and vulnerabilities raised concerns about the overall security of Ledger's products and their ability to protect user privacy.

Ledger addressed the breach and patched the vulnerabilities promptly. They also implemented stricter security measures and offered support to affected users.

What should you do?

• Stay calm: The vulnerability only affected a small number of users, and Ledger has taken steps to fix it. Your crypto is probably safe.


• Be vigilant: Check your transaction history carefully for anything you don't remember approving. If you see something fishy, contact Ledger immediately.


• Update your software: Ledger has released a patch for the outdated code. Make sure you update your Ledger Live app and firmware to the latest version.


• Practice good security habits: Never share your seed phrase (the secret code that unlocks your wallet) with anyone, not even Ledger. Don't use the same password for your Ledger wallet as you do for other accounts.

Conclusion

Even though Ledger has a trusted name in crypto security, you should look for some better alternatives as well. Remember, your only goal should be keeping your seed phrase safe. If you're not sure about something, always ask! Many hardware wallets have great customer support and plenty of resources available to help you learn more about crypto security.

Stay safe out there, and happy cryptoing!