Ledger Connect Kit Supply Chain Attack

An attacker released malicious versions of the Ledger Connect Kit affecting all dapps using the library.

Ledger Connect Kit Supply Chain Attack

Quick Take

  • Ledger Connect Kit library compromised.
  • Ledger Connect Kit v1.1.8 patch release.
  • Rated launches Rated Console.
  • AltLayer supports Polygon CDK.

Listen on: Apple | Castbox | Spotify | YouTube | Lens

This episode is sponsored by Harpie!


Harpie is an onchain security solution that protects your wallet from theft in realtime. Harpie helps you detect and block suspicious transactions before they execute, safeguarding your assets from malicious attacks and scams. Try Harpie for free at harpie.io/ethdaily.

Ledger Connect Kit Supply Chain Attack

Ledger suffered a supply chain attack in its Ledger Connect Kit, a software library that allows dapps to connect with Ledger hardware wallets. The incident was caused due to a compromised NPMJS account of a former Ledger employee. The account allows updates to be published to the public Ledger Connect Kit library. An attacker exploited the access to release malicious versions of the library that introduced a deceptive WalletConnect module in dapps using Ledger Connect Kit. The module prompted users of all wallet types to authorize wallet-draining transactions, resulting in the theft of over $500,000 across various dapps.

Several dapps that use Ledger Connect Kit, such as Kyber, Revoke.cash, and Lido Finance, temporarily disabled their interfaces to protect users from the phishing attack. During the exploit, users were urged to avoid all dapp interactions.

Ledger Connect Kit Patch Release

Ledger later released kit version 1.1.8 and rotated the keys for publishing on its GitHub. The vulnerability has now been addressed, and the patched release is now available. Developers are advised to ensure their dapps are integrated with the latest authentic version of Ledger Connect Kit. Users are also recommended to clear their browser cache to prevent loading any outdated versions of the software.

Rated Launches Rated Console

Rated Network, a platform dedicated to evaluating validator performance, introduced the Rated Console, a self-serve platform for interacting with its comprehensive API suite. The Console provides developers with essential tools for managing API keys, controlling access, and monitoring compute unit usage. The Console offers both free and paid tiers based on usage levels. Since its launch earlier in the year, the Rated API has handled over 74 million requests. Rated Network specializes in tracking key metrics related to validator performance, including uptime, block validations, staking pools, as well as the diversity of clients used.

AltLayer Supports Polygon CDK

Rollup-as-a-service provider Altlayer will now support Polygon CDK, allowing developers to deploy ZK-powered L2 chains on its platform. AltLayer allows developers to customize rollup deployments, including the ability to select as EigenDA, Avail, or Celestia as their data availability options. Developers will also be able to choose between validium or rollup mode for Polygon CDK chains. Altalyer also supports OP Stack and Arbirtum Orbit.

Other News


🔗 Website | 🎙️ Podcast | 🎥 YouTube | 🐦 X | 🌿 Lens | 🟪 Farcaster