What Happened to the Ledger Hack on December 14th?

Let’s dig into that Ledger Hack that threatened both users and projects on December 14, 2023. Ledger Connect Kit was hacked, creating a malicious version that affected several crypto applications. For the time being, the authentic version of Ledger Connect Kit has already been restored, limiting the hacker’s room for manoeuvre. Users whose funds have been stolen are in discussion with Ledger.

Ledger hack on December 14, 2023 affecting other crypto applications

Code update to intentionally create a cyberattack opportunity

The French company Ledger specialized in physical wallets (so-called hardware wallet or cold wallet) a confirmed that the authentic version of its Connect Kit has been fraudulently replaced by a malicious version.
The hacker behind this exploit gained access to the developer account of a former employee of Ledger through a phishing attack. The attacker then updated part of the code that allows Ledger keys to connect to decentralized applications on Internet. This was done in order to implement a security flaw and exploit it for malicious purposes.

High security risk avoided by a good dose of coordination

The hack exhibition that targeted users of Ledger was finally relatively limited thanks to the speed of reaction and the contribution of several players in the blockchain ecosystem, such as Wallet Connect, Tether, Chainalysis or the independent investigator whose pseudonym zachxbt is now renowned in the Crypto Twitter sphere.

The Connect Kit hack lasted five hours before the flaw was identified and corrected. During this time, many Ledger users who interacted with a decentralized crypto application had their funds stolen. For this fact, one of the major advisors given by Ledger was not to interact with the dApps.

The unfortunate repercussions of the Ledger Connect Kit hack went beyond Ledger users. Several crypto applications that integrate the Ledger Connect Kit have been affected. In fact, the security flaw was introduced in a plugin used by several blockchain projects. These include Revoke cash. The platform had to temporarily take its site offline and recommended not to use any crypto sites.

Hack under control, but there’s no such thing as 0 risk – let’s stay alert!

Thanks to collaboration with WalletConnect the cyberattack on Ledger Connect Kit has been under control. In addition, the hacker’s address was identified, reported and then frozen by the company Tether which manages USDT stablecoins. Then, Ledger announced that the authentic version 1.1.8 of the Ledger Connect Kit is finally safe to use:

The genuine Ledger Connect Kit 1.1.8 is now fully propagated. Ledger and WalletConnect can confirm that the malicious code has been disabled. You can now use your Ledger Connect Kit safely..


According to the data from the analysis platform Lookonchain 484,000 dollars were stolen from wallets. Ledger did not confirm this figure, but only announced discussions with customers whose funds were stolen. A first post-mortem hack summary was circulated and signed by the CEO of Ledger.

Although the Ledger has been mastered, cold wallet users should exercise caution. Ledger has recommended that its users to wait 24 hours and clear the browser cache before connecting their wallet. In addition, Ledger reminds its users never to share the 24-word secret phrase and to sign transactions clearly.


Users should also bear in mind that Ledger cannot protect them against certain types of hack. Recently, several Ledger users have suffered a loss of almost $800,000 due to a false application. Our Ledger user guide may also be of use to you, helping you to take full advantage of the security offered by this cold wallet.

Is it the last Ledger Hack ever? We definitely hope so. Also, if you wish to use other hardware cold wallets with the highest security standards, I invite you to learn more about D’Cent that we presented here !