What you need to know about the Ledger exploit

Ledger, a company that provides self-custody software to large parts of the crypto industry, recently became the target of an exploit.

@ledgerhq/connect-kit, a library developed by Ledger to allow users to connect their wallet to dApps, was infected with code that would attempt to drain your funds if you connected your wallet to a Web3 website.

Several popular Web3 libraries use Ledger's connect-kit library, so even if you don't use a Ledger wallet, you may have been exposed to the attack indirectly. Among the affected, are MetaMask Portfolio and Sushi.

The exploit has now been addressed and fixed by the Ledger team. The infected version was launched 11:37:24 AM (CEST) and an update that removes the exploit was released 2:18:35 PM (CEST).

‍

Presail was not exposed to the attack

Ledger is widely used by many dApps, not only directly, but also through other third parties that depend on it. One of those third parties is Wagmi, another popular JS library used to connect to web3. Although Presail uses Wagmi to handle all the web3 interactions, we had no exposure to the exploit, because

we do not rely on the part of Wagmi that used @ledgerhg/connect-kit.As such, we never served the infected code from Ledger. You can therefore continue using Presail as you normally would. It may, however, be a good idea to follow some simple ground rules when using dApps to protect

your funds.

‍

How to recognise and protect yourself against the exploit

Situations like these typically evolve rapidly and it may be a good idea to wait for 24 hours before you interact with any dApp, until the dust has settled, and all facts are on the table. You can follow updates from the Ledger team on X.com.

Based on a user's input on LedgerHQ's own Github, the exploit functions by opening a malicious overlay on top of Ledger's regular "Connect wallet" interface. When you connect your wallet using the interface, it will ask you to sign a transaction that will drain your funds.

‍

‍

Even though the attack is now resolved, you may want to clear your browser cache, to make sure it hasn't stored an old and infected version of the Ledger library.

Here's how to clear your browser cache in Google Chrome

‍

To summarize:

• Be on the lookout for the overlay in the screenshot above. If you see it, make sure to report it to the affected dApp, and refrain from interacting with the dApp until the issue is confirmed resolved.
• Clear your browser cache
• In general, always take a moment to review any transaction you sign with your wallet. Be sure that the permissions you grant to the dApp align with the dApp's stated purpose and functionality.

‍

Stay safe,

The Presail Team