CEO addresses security breach
Ledger CEO Pascal Gauthier addressed a serious security breach. Ledger, a key player in the decentralized finance (DeFi) ecosystem, recently suffered a hacking incident. Gauthier confirmed that the threat was successfully neutralized, providing relief to users.
Technical details of the incident
The incident involved malicious code in Ledger’s JavaScript library, affecting versions 1.1.4 and higher. Gauthier said a former employee had been phished and unauthorized code was uploaded to Ledger’s NPMJS, a widely used package manager for JavaScript.
Ledger’s quick and effective response
Ledger acted quickly after discovering the breach. The company worked with WalletConnect to remove the corrupted NPMJS package and disable the malicious files in less than 40 minutes. This rapid response highlights the team’s effectiveness and the collective strength of the DeFi community.
Enhanced security measures
Gauthier was confident that Ledger’s internal processes prevented unilateral code distribution. A multi-party review system is in place to ensure robust security checks. Additionally, any departing employee’s access to the system will be revoked.
Strengthening future security
Recognizing the dynamic nature of DeFi security, Ledger is committed to strengthening its defenses. For added security, the company connected its build pipeline to an NPM deployment channel.
New version released
Following the breach, Ledger released version 1.1.8 of its Connect Kit. This version builds on lessons learned and provides improved security. Users are encouraged to upgrade, but should note that activation may be delayed by 24 hours.
User instructions during transition
Users upgrading to a new version should expect a short operational delay. The delay allows the new security protocols to be fully implemented. Users should plan ahead to minimize disruption.
Gauthier’s reassuring conclusions
Gauthier concluded on a positive note, assuring users that the situation is under control. He emphasized the importance of continued vigilance and improvement in cybersecurity within the DeFi space. Ledger’s response demonstrates its commitment to user data protection and community trust.
Despite an effective response, this incident highlights the ongoing and evolving cybersecurity challenges in the DeFi sector.