Reply To: Password Manager

[Adam Nealis]

Is this what you’re looking for?

TLDR: Recommended alternatives: Coinkite from Canada, and I am also looking at iCoin – which may be simpler to use for non-techies.The Sparrow wallet is also recommended as a software wallet option.

From: Mark E. Jeftovic <markjr@bombthrower.com>
Date: 2024.14.12
Subject: [Bombthrower] TBC ALERT: Do Not Use Any DeFi dApps Today (details within)

A supply chain hack has been introduced into the DeFi ecosystem via Ledger's Connect Kit - a software package that numerous DeFi / Web3 apps use to facilitate connections with Ledger wallets.

Ledger has acknowledged the breach and further states that this vulnerability does not affect Ledger wallets themselves, nor the Ledger Live management application.

This affects any DeFi / Web3 app with a "connect your wallet" function that makes use of the Ledger Connect Kit - and it can compromise any wallet connection to the dAPP, not just a Ledger.

A fix has already been issued, and all the platforms are busy upgrading and patching right now. 

In the meantime:

    Do not use any DeFi / Web3 apps
    Clear your browser cache before you do
    Look for the all-clear from any dApp before reconnecting to it
    All sites purporting to be "Ledger bounty" or "Ledger compensation" sites are scams - do not use (already seeing these).

Finally, find another hardware wallet if you are using Ledger. To be clear, the hardware wallet has not been impacted - but this is just the final straw in an ongoing series of missteps by the company.  

I have ended my endorsement of Ledger products and pulled down all my affiliate links.

Recommended alternatives: Coinkite from Canada, and I am also looking at iCoin - which may be simpler to use for non-techies.The Sparrow wallet is also recommended as a software wallet option.

I'm working on an abbreviated version of the mid-month portfolio update but it won't be out until the weekend or Monday.

Coverage via Decrypt here.