Cryptocurrency entrepreneur Erik Voorhees has publicly criticized Revolut, claiming the fintech company shut down his account due to his interactions with cryptocurrencies. Despite not using Revolut’s crypto service and funding his account via fiat from an exchange, Voorhees experienced a freeze on his account for three weeks, followed by termination. This incident occurred even after […]
Bitcoin News
Ledger Library Exploit Alert: Users Warned Against Interacting With Dapp Front Ends Amid Wallet Drainer Risk
According to several reports, there’s been an alleged Ledger Connectkit Library exploit and people are being warned not to interact with decentralized application (dapp) front ends. Reportedly, the library that maintained several dapps now contains a wallet drainer.
*Editor’s Note: The end of this article was updated at 9:02 a.m. (EST) on Dec. 14, 2023, with a message from Ledger noting that the malicious file in the library was replaced and will be propagated.
Ledger Library Breach: Experts Advise Halting Dapp Usage to Dodge Wallet Drainer
A myriad of reports detail that there’s an issue with the Ledger Library as an exploit was noticed. The X user called “Banteg” explained that, “[Ledger Library] confirmed compromised and replaced with a drainer” and stressed that people should “wait out interacting with any dapps till things become clearer.”
Blockchain developer Hudson Jameson detailed that Ledger’s Library, used in numerous dapps, has been compromised, leading to the insertion of a wallet drainer. Jameson advised people to refrain from interacting with dapp front ends on websites, as the situation remains risky, especially for those unaware of the specific backend libraries in use. He added that while visiting compromised websites won’t automatically result in fund loss, deceptive browser wallet prompts could enable unauthorized asset transfers to malicious entities.
Jameson further added that Ledger is aware of the issue and actively working on a resolution. Note that safety will only be restored after affected dapps update their use of Ledger’s Web3 libraries, even post-correction by Ledger. A large swathe of other developers and crypto enthusiasts shared warnings on the social media platform X.
“I would avoid using ANY dapps until their teams confirm that they have mitigated the attack,” one individual stated. Revokecash, Zapper, Sushi, and other dapps are reportedly vulnerable to the bug, and users are being advised to avoid using these applications.
*Ledger has officially confirmed the issue. “We have identified and removed a malicious version of the Ledger Connectkit. A genuine version is being pushed to replace the malicious file now,” Ledger wrote at 8:31 a.m. (EST). “Do not interact with any dapps for the moment. We will keep you informed as the situation evolves. Your Ledger device and Ledger Live were not compromised.
“The malicious version of the file was replaced with the genuine version at around 2:35 p.m. CET. The new genuine version should be propagated soon,” Ledger added in a subsequent tweet. “We will provide a comprehensive report as soon as it’s ready. In the meantime, we’d like to remind the community to always Clear Sign your transactions – remember that the addresses and the information presented on your Ledger screen is the only genuine information. If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.”
This story is still developing and will be updated with more information as it transpires.
What do you think about the issue with the Ledger Library? Share your thoughts and opinions about this subject in the comments section below.
Swan Bitcoin to Terminate Accounts Interacting With Bitcoin Mixing Services
Swan Bitcoin, a bitcoin exchange platform, announced recently that it would terminate accounts of users directly interacting with mixing services. The company explained that this was due to the pressure from banking institutions after the Financial Crimes Enforcement Network (FinCEN) presented a proposal to increase the bookkeeping requirements on these transactions.
Swan Bitcoin Announces New Restrictive Policies Regarding Mixing Services
Swan Bitcoin, a California-based Bitcoin services platform, recently announced a change in its policies regarding mixing services. The company sent a letter to its customers stating that from now on, accounts that interact directly with transactions coming from or going to coin mixing services risk being terminated.
The company explained that this change had to do with the pressures that its banking partners had been exerting due to the introduction of a Financial Crimes Enforcement Network (FinCEN) proposed rule that seeks to establish new responsibilities on institutions facilitating transactions that include mixing services.
On the issue, Yan Pritzker, co-founder and CTO of Swan Bitcoin, stated that while the company itself has an open policy for allowing coin mixing as a privacy service, there is no way of on-ramping customers with fiat without connecting to qualified custodians and banks. Instead of doing investigative work the company prefers to avoid risks entirely.
Pritzker declared:
Game theoretically, this behavior is expected and obvious. Why should a bank have to do extra work to prove innocence when the government has been telling them for years that they don’t want to see mixing?
A Community Enraged
Even after Pritzker’s statements, some members of the crypto community rejected Swan’s new policies, stating that these were directly opposed to the ethos of the exchange.
Samourai Wallet, one of the wallets that features mixing services, heavily criticized Swan Bitcoin’s actions, declaring that the exchange was acting like the enforcer of a proposal that was not even law yet and inviting users to close their accounts or force the exchange to terminate them by interacting with mixing services.
Samourai Wallet stressed:
It’s still a proposal you lame f*cking p*ssies. Instead of mounting a defense you preemptively comply? Absolute losers.
Vlad Costea, host of the Bitcoin Takeover podcast, also blasted Swan Bitcoin’s actions, explaining these were “dystopian” and sought to establish an anti-Bitcoin compliance culture. “As a European, I don’t have access to Swan. But if I did, I’d stop using the service ASAP,” he concluded.
What do you think about Swan Bitcoin’s new account termination policies? Tell us in the comments section below.