TechFlow news — Pascal Gauthier, Chairman and CEO of Ledger, has issued an open letter regarding the vulnerability in Ledger Connect Kit.
On December 14, Ledger experienced a vulnerability exploit affecting Ledger Connect Kit—an open-source JavaScript library that enables websites to connect to cryptocurrency wallets. Ledger has since worked with partners to eliminate the vulnerability and swiftly freeze stolen funds. The exploit was active for less than two hours. This vulnerability specifically impacted third-party DApps using Ledger Connect Kit and is currently under investigation. Ledger has filed a formal complaint and will assist affected individuals in attempting to recover their funds. Ledger will support impacted users by helping identify the attackers, track illicit transactions, cooperate with law enforcement, and facilitate the recovery of stolen assets from hackers.
According to Gauthier: "Security is not static—Ledger must continuously improve our security systems and processes. We will implement stricter security controls and strengthen the software supply chain by securing the build pipeline connected to the NPM distribution channel."




