24/7 Cryptocurrency News

Ledger Releases New Connect Kit Version to Mitigate Hack Impact

After it witnessed a malicious attack, Ledger has asked its users to migrate to the latest version of its Connect Kit tool
Published by
Ledger Releases New Connect Kit Version to Mitigate Hack Impact

Ledger has replaced its malicious ConnectKit with a new version as a way of managing the impact of the malicious hack it suffered earlier today. 

Advertisement

Ledger Requests Move to Version 1.1.8

The protocol took to the X app to inform the public that the latest Connect Kit genuine version 1.1.8 has been rolled out. Users are advised to update their app and wait for 24 hours before trying to use the software again. Also, Ledger has assured users of an ongoing investigation to understand the extent of the attack and the level of impact on the protocol.

Ledger offered a timeline detailing how the attack went down as well as how it was discovered. The Ledger ConnectKit was attacked in a rug-pull security breach which resulted in an initial loss of about $150,000. A former Ledger employee fell victim to a phishing attack that granted the bad actor access to their NPMJS account. Next, a malicious version of the Ledger Connect Kit ranging from versions 1.1.5, 1.1.6, and 1.1.7 was published.

Immediately, the security team was contacted to salvage the situation, and “a fix was deployed within 40 minutes of Ledger becoming aware.” The attack was disabled in alliance with WalletConnect, a communication protocol for Web3.0. Tether has also helped in the freezing of the hacker’s wallet and reinforcing blockchain security

Advertisement

Proactive Moves from Impacted Ledger Clients

The vulnerability, now labeled by the protocol as a “supply chain attack,” was perceived to likely pose a serious threat to users and their assets since it involves the injection of malicious code into different Decentralized Applications (DApps). 

The vulnerability in the attack was later identified to have an impact on other protocols besides Ledger. Some impacted Decentralized Finance (DeFi) protocols were SushiSwap, Kyber, RevokeCash, and Zapper. Kyber, which was recently hacked to the tune of $46 million, and RevokeCash acted swiftly by deactivating their respective front ends.

Specifically, the exploit was discovered to affect LedgerHQ’s ConnectKit versions greater than 1.1.4, per findings from Blockaid. Many related crypto projects have boldly declared that they were not affected by the breach but it is worth noting that such attacks have dire consequences for the broader crypto ecosystem.

Advertisement

Share
Godfrey Benjamin

Benjamin Godfrey is a blockchain enthusiast and journalists who relish writing about the real life applications of blockchain technology and innovations to drive general acceptance and worldwide integration of the emerging technology. His desires to educate people about cryptocurrencies inspires his contributions to renowned blockchain based media and sites. Benjamin Godfrey is a lover of sports and agriculture. Follow him on X, Linkedin

Published by
Why trust CoinGape: CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journalists and analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.

Recent Posts

  • 24/7 Cryptocurrency News

October Fed Rate Cut Odds Rise After Weak U.S. Labor Data, Bitcoin Surges

U.S. private payrolls unexpectedly fell in September, raising market bets that the Federal Reserve will…

October 1, 2025
  • 24/7 Cryptocurrency News

Hashdex Adds Cardano to Crypto Index Fund as ADA Gains SEC Listing Eligibility

Asset manager Hashdex has officially included Cardano in its Nasdaq Crypto Index U.S. ETF. This…

October 1, 2025
  • Bitcoin News

U.S. Treasury To Ease Tax Rule on Unrealized Bitcoin Gains, Aiding Saylor’s Strategy

The U.S. Treasury and IRS have released an interim guidance, which highlights plans to ease…

October 1, 2025
  • 24/7 Cryptocurrency News

Trump-Backed World Liberty (WLFI) Plans RWA Tokenization Paired with USD1 Stablecoin

Trump Family's World Liberty Financial has unveiled big real-world asset (RWA) tokenization plans on Wednesday,…

October 1, 2025
  • 24/7 Cryptocurrency News

Stripe Eyes U.S. Banking Charter, Pioneers One-Click Stablecoin Issuance for Firms

Fintech giant Stripe has unveiled a suite of tools to enable businesses to tap into…

October 1, 2025
  • 24/7 Cryptocurrency News

Breaking: Metaplanet Expands Treasury With 5,268 BTC Purchase, Climbs to 4th Largest Holder

Metaplanet has expanded its Bitcoin portfolio with another purchase. The Tokyo-listed firm is now the…

October 1, 2025