Ledger Library Exploit Explainer for Average Folks
What is going on with the recent alerts not to use dapps?
A library maintained by Ledger and used by many dapps was compromised, and a wallet drainer was added to it.
What do I do as a normal user?
Do not interact with any dapp front ends on websites for now. This is an ongoing situation and it is risky to use dapps currently if you don't understand what backend libraries they use.
How does this drain your money?
If you visit the website, you won't be automatically drained of your funds. However, your browser wallet (like MetaMask, MM) will display prompts that, if you approve them, give your assets to the malicious actors.
Does Ledger know about this?
Yes, they do, and they are working on it.
Note: Even after Ledger corrects the bad code in their library, projects using and deploying that library will need to update things before it is safe to use dapps that use Ledger's web3 libraries.
Disclaimer: This is my own opinion and not the opinion of any of my employers. Take this advice at your own risk.
Stay safe ♥️