Briefly:
A supply chain hack has been introduced into the DeFi ecosystem via Ledger’s Connect Kit – a software package that numerous DeFi / Web3 apps use to facilitate connections with Ledger wallets.
This vulnerability does not affect Ledger wallets themselves, nor the Ledger Live management application.
This affects any DeFi / Web3 app with a “connect your wallet” function that makes use of the Ledger Connect Kit – and it can compromise any wallet connection to the dAPP, not just a Ledger.
A fix has already been issued, and all the platforms are busy upgrading and patching right now.
In the meantime:
- Do not use any DeFi / Web3 apps
- Clear your browser cache before you do
Finally, find another hardware wallet if you are using Ledger. To be clear, the hardware wallet has not been impacted – but this is just the final straw in an ongoing series of missteps by the company.
I have ended my endorsement of Ledger products and pulled down all my affiliate links.
Recommended alternatives: Coinkite from Canada, and I am also looking at iCoin – which may be simpler to use for non-techies.
I’m working on an abbreviated version of the mid-month portfolio update but it won’t be out until the weekend or Monday.
That’s it for now.
–markÂ
P.S If you missed the news, DollarCollapse has joined the Bombthrower Media stable. The focus will continue to be on gold and precious metals, (but don’t worry, we’ll orange pill more than a few of them 😉
You can jump on the DC mailing list there, and get a free ebook by the investing legend Bob Moriarty “Nobody Knows Anything”.