Phantom
Ledger Connect Kit version used in Chrome extension app 23.19.0? #142
-
SummaryWhat is the best way to verify that phantom wallet integration with Ledger Connect Kit has been upgraded to at least version 1.1.8? I still am not confident using ledger through Phantom until I can see some evidence this has been rolled out (likely has). "malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7). The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet." https://www.ledger.com/blog/a-letter-from-ledger-chairman-ceo-pascal-gauthier-regarding-ledger-connect-kit-exploit ExampleNo response Steps to Reproduce
Phantom Version23.19.0 Is there an existing discussion for this?
|
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Hey @justchouta, Phantom does not implement Ledger Connect Kit. This is the responsibility of dApp developers. Additionally Phantom has measures in place to detect malicious transactions stemming from an exploit such as this and will warn the user. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, mate. So, technically, what you are saying is phantom was never exposed. This post also suggests that the malicious transactions would have been visible through phantom before approving on a ledger...? Also, that phantom has measure in place to detect when a transaction appears malicious such as not matching the original request and would have flagged it with a warning for users? Please feel free to clarify if I have not understood correctly. |
Beta Was this translation helpful? Give feedback.
-
|
@justchouta We are constantly implementing new detection methods for malicious or misleading transactions. From what we observed, we do believe the malicious transaction exposed by this hack was detected and all users were given a warning when prompted to sign in Phantom. |
Beta Was this translation helpful? Give feedback.
-
|
We are constantly implementing new detection methods for malicious or
misleading transactions. From what we observed, we do believe the
malicious transaction exposed by this hack was detected and all users were
given a warning when prompted to sign in Phantom.
Thanks, adam! Appreciate the straightfowardness… Hope the holiday season is treating you well. :)
Samuel "Chouta" Rodda
Director
ALKEMO
+61 428 397 597 ***@***.*** ( ***@***.*** ) @justchouta
NOTICE: If you have received this message in error, you’d be doing me a favour by notifying me of my mistake. I apologise; feel free to delete the message, and have a wonderful rest of your day!
…On Sat, Dec 30, 2023 at 4:03 AM, Adam < ***@***.*** > wrote:
@ justchouta ( https://github.com/justchouta ) We are constantly
implementing new detection methods for malicious or misleading
transactions. From what we observed, we do believe the malicious
transaction exposed by this hack was detected and all users were given a
warning when prompted to sign in Phantom.
—
Reply to this email directly, view it on GitHub (
#142 (reply in thread)
) , or unsubscribe (
https://github.com/notifications/unsubscribe-auth/A355XJNVPFLFHDJ57G2XNM3YL4AVNAVCNFSM6AAAAABA7CKRWWVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TSNZUG43TS
).
You are receiving this because you were mentioned. Message ID: <phantom/docs/repo-discussions/142/comments/7974779
@ github. com>
|
Beta Was this translation helpful? Give feedback.
@justchouta We are constantly implementing new detection methods for malicious or misleading transactions. From what we observed, we do believe the malicious transaction exposed by this hack was detected and all users were given a warning when prompted to sign in Phantom.