Ledger Details

    Organization Logo

    Ledger

    Paris, France employees • Technology

    Industry

    Technology

    Security Incidents

    1

    Ledger offers certified crypto asset hardware wallets bringing optimal protection level to your bitcoins, ethereums, XRP and more - without sacrificing usability or control.

    Security Incidents

    Ledger Breach of May 2023
    Severity Score
    Moderate

    Type

    Unknown

    Summary

    The Ledger security incident of May 2023 involved an exploit using the Ledger Connect Kit, a JavaScript library connecting websites to crypto wallets. The incident highlighted risks faced by Ledger and the industry in protecting users. The malicious code used a rogue WalletConnect project to redirect assets to hackers' wallets. Ledger was alerted to the attack and deployed a genuine fix within 40 minutes of detection. The incident underscored the importance of raising security standards for DApps and browser-based signing to safeguard user assets.

    Severity

    The Ledger cyber security incident in May 2023 was detected as an exploit using Ledger Connect Kit, highlighting risks in protecting users and the industry's need to enhance security around DApps. The incident involved unauthorized access and malicious code, with an extended availability of the malicious code due to delays in updating caches globally.

    Impact

    The breach impacted Ledger's systems, including Github, SSO based services, internal and external tools, and NPMJS. Assets were rerouted to hackers' wallets through a rogue WalletConnect project, emphasizing the vulnerabilities in digital asset security and the broader implications for the crypto industry.