SlowMist: Dapps using Ledger Connect Kit version 1.1.4 and above are affected, please check your code

2023-12-14 21:52:26

According to ChainCatcher, SlowMist Security Threat Intelligence discovered that @ledgerhq/connect-kit has suffered a supply chain attack: the attacker implanted malicious JS code in versions of @ledgerhq/connect-kit >1.1.4 to launch phishing attacks against cryptocurrency users. All Dapps using @ledgerhq/connect-kit version >1.1.4 are affected. Check whether your code uses any of the following affected versions.

Affected version range:

@ledgerhq/connect-kit 1.1.5 (the attacker left a message in the code)

@ledgerhq/connect-kit 1.1.6 (the attacker left a message in the code and implanted malicious JS code)

@ledgerhq/connect-kit 1.1.7 (the attacker left a message in the code and implanted malicious JS code)

The SlowMist Security Team recommends exercising caution when interacting with DApps until an official fix is clearly provided.
