Blog: Crypto fundraising

What you need to know about the Ledger exploit

What you need to know about the Ledger exploit
Written by
Tomas Veiden
Published on
December 14, 2023

Ledger, a company that provides self-custody software to large parts of the crypto industry, recently became the target of an exploit.

@ledgerhq/connect-kit, a library developed by Ledger to allow users to connect their wallet to dApps, was infected with code that would attempt to drain your funds if you connected your wallet to a Web3 website.

Several popular Web3 libraries use Ledger's connect-kit library, so even if you don't use a Ledger wallet, you may have been exposed to the attack indirectly. Among the affected, are MetaMask Portfolio and Sushi.

The exploit has now been addressed and fixed by the Ledger team. The infected version was launched 11:37:24 AM (CEST) and an update that removes the exploit was released 2:18:35 PM (CEST).

Presail was not exposed to the attack

Ledger is widely used by many dApps, not only directly, but also through other third parties that depend on it. One of those third parties is Wagmi, another popular JS library used to connect to web3. Although Presail uses Wagmi to handle all the web3 interactions, we had no exposure to the exploit, because

we do not rely on the part of Wagmi that used @ledgerhg/connect-kit.As such, we never served the infected code from Ledger. You can therefore continue using Presail as you normally would. It may, however, be a good idea to follow some simple ground rules when using dApps to protect

your funds.

How to recognise and protect yourself against the exploit

Situations like these typically evolve rapidly and it may be a good idea to wait for 24 hours before you interact with any dApp, until the dust has settled, and all facts are on the table. You can follow updates from the Ledger team on

Based on a user's input on LedgerHQ's own Github, the exploit functions by opening a malicious overlay on top of Ledger's regular "Connect wallet" interface. When you connect your wallet using the interface, it will ask you to sign a transaction that will drain your funds.

Even though the attack is now resolved, you may want to clear your browser cache, to make sure it hasn't stored an old and infected version of the Ledger library.

Here's how to clear your browser cache in Google Chrome

To summarize:

  • Be on the lookout for the overlay in the screenshot above. If you see it, make sure to report it to the affected dApp, and refrain from interacting with the dApp until the issue is confirmed resolved.
  • Clear your browser cache
  • In general, always take a moment to review any transaction you sign with your wallet. Be sure that the permissions you grant to the dApp align with the dApp's stated purpose and functionality.

Stay safe,

The Presail Team

6 Key Ways Initial Coin Offerings (ICOs) Have Evolved Over Time

6 Key Ways Initial Coin Offerings (ICOs) Have Evolved Over Time

Exploring the rise, challenges, and regulatory shifts in ICOs, this article sheds light on the emergence of STOs as a secure investment avenue in the crypto space.

SAFT Agreement Explained: Your Ultimate Guide [2023]

SAFT Agreement Explained: Your Ultimate Guide [2023]

This guide offers an in-depth look at Simple Agreements for Future Tokens (SAFTs), covering everything from regulatory compliance to investment risks and opportunities in the blockchain startup ecosystem. Ideal for both investors and startups navigating the SAFT landscape.

KYC AML checklist for crypto fundraising in 2023

KYC AML checklist for crypto fundraising in 2023

Master KYC & AML for crypto fundraising in 2023. Dive into investor onboarding, navigate regulations, and ensure full compliance.

Make complex investment processes a thing of the past

The path to simplifying your Web 3.0 investment workflow starts here.