Revoke.cash logo

Ledger Connect Kit Hack

Check if your address is affected.

Discovered On2023-12-14
Stolen Amount$610k
Affected Networks
Ethereum Logo
BNB Chain Logo
Polygon Logo
Arbitrum Logo
Optimism Logo
Base Logo
Avalanche Logo
Fantom Logo
Read Morewww.coindesk.com, www.ledger.com, revoke.cash

Description

Over $600k has been stolen from users of many different crypto websites, including SushiSwap and Revoke.cash. This hack is a result of a vulnerability in the Ledger Connect Kit library, which is used by many crypto websites to connect to Ledger hardware wallets. The vulnerable library allowed hackers to inject a malicious script into these popular crypto websites. Many websites, like SushiSwap and Revoke.cash were quick to take their websites offline and remove the affected library. Most big websites were able to remove the library within a few hours, but some websites took longer to mitigate the issue. Because it is not known how many websites were affected, we recommend to check if you're affected by this hack if you used any crypto websites on the 14th of December 2023.

Affected users remain at risk as long as they haven't revoked their approvals, so it is recommended to use the Revoke.cash Exploit Checker below to make sure that you're safe.

Back to Exploits