On Dec. 14, 2023, Ledger’s Connect Kit, a Javascript library for wallet connectivity, suffered a significant exploit. This incident, which was contained within two hours, has brought forth a number of criticisms of Ledger’s security practices. Ledger Exploit Elicits Mixed Reactions From Crypto Sphere; Dapps and Tether Respond Promptly to Breach Ledger, known for its…
Read more
The unknown attacker that compromised Ledger’s Connectkit Library has reportedly siphoned $484,000 from wallets, according to the onchain intelligence firm Lookonchain. Ledger disclosed a former employee fell victim to a phishing attack and the attacker gained access to the Ledger Connectkit Library and uploaded a malicious bug. Ledger Responds to $484K Hack The latest and…
Read more
According to several reports, there’s been an alleged Ledger Connectkit Library exploit and people are being warned not to interact with decentralized application (dapp) front ends. Reportedly, the library that maintained several dapps now contains a wallet drainer. *Editor’s Note: The end of this article was updated at 9:02 a.m. (EST) on Dec. 14, 2023,…
Read more
Thirdweb, a Web3 development framework provider, has announced that it has started mitigating a vulnerability that could potentially affect thousands of smart contracts across several networks. The vulnerability, uncovered in November, impacts various pre-built smart contracts that the framework provides for rapidly deploying applications using an undisclosed open-source library. Thirdweb Mitigates Critical Vulnerability Across Dozens…
Read more
A critical vulnerability in early cryptocurrency wallets, identified by cybersecurity startup Unciphered, threatens billions of dollars in digital assets. Originating from a flaw in the BitcoinJS software used for wallet generation between 2011 and 2015, this issue exposes wallets to potential exploitation. Millions of users are being urged to transfer their assets to wallets generated…
Read more
According to cybersecurity firm Group-IB, weaponized ZIP file archives were being shared on crypto trading forums, with each one containing a nasty surprise. The developers behind file compression software WinRAR have patched a zero-day vulnerability that allowed hackers to install malware onto unsuspecting victims’ computers, enabling them to hack into their crypto and stock trading…
Read more
Solana-based Cypher Protocol has managed to stop around $600,000 of stolen funds from exiting various centralized exchanges. Solana-based decentralized futures exchange Cypher Protocol has managed to freeze $600,000 worth of crypto stolen from an Aug. 7 security exploit. In an X (Twitter) post on Aug. 18, Cypher Protocol reported that more than half of the…
Read more
Fireblocks, a digital assets security company, has disclosed vulnerabilities affecting several cryptocurrency wallets, collectively named “Bitforge.” Through these vulnerabilities, criminals could steal millions in cryptocurrency without having direct contact with the owners of the wallet or its providers. While some providers have already applied patches, others are still vulnerable. Bitforge Vulnerabilities Disclosed Fireblocks, a cryptocurrency…
Read more
In the wake of July’s unprecedented wave of decentralized finance (defi) breaches, including Curve Finance’s staggering $62 million exploit, the defi economy has plummeted into a gloomy state. Hovering perilously close to dipping beneath the $40 billion threshold, the total value locked (TVL) in defi hangs on by a thread. Concurrently, the market of defi…
Read more
According to a report published by the cybersecurity research team known as 0d, a division of Dwallet Labs, researchers discovered a critical vulnerability in the Tron network’s native multi-sig mechanism. The cybersecurity experts explained that the vulnerability could have impacted more than $500 million worth of digital assets held in Tron multi-sig accounts. 0d specified…
Read more
