Beware of phishing attacks, Ledger will never ask for the 24 words of your recovery phrase. Never share them. Learn more

Ledger Connect Kit exploit: How to register your claim

We’ve identified and removed a malicious version of code, published by a hacker that affected the Ledger Connect Kit and therefore DApps more broadly. 

This exploit did not and does not affect the integrity of Ledger hardware or Ledger Live. The genuine and verified Ledger Connect Kit version 1.1.8 is propagated and is safe to use.

Register your claim

If your assets have been effectively stolen on Dec 14, 2023, as part of the transactions operated jointly by the attacker (0x658729879fca881d9526480b82ae00efc54b5c2d) and Angel Drainer (0x412f10AAd96fD78da6736387e2C84931Ac20313f) related to the Ledger Connect Kit exploit, follow the steps outlined below to register your claim.

Update 28 March 2024: Registration for claims will remain open until 31 May 2024. If you have a valid claim, please register it as instructed below before this date. After 31 May 2024, we will not be accepting any new claims under this program.

Click on the Contact us select "Other" and then "Ledger Connect Kit Claim."

In your email, include the phrase 'Ledger Connect Kit Claim' and the following information:

  1. Transaction ID.
  2. Amount of funds stolen.
  3. Address of the affected wallet(s).
  4. Are all your wallets affected?
  5. Have you signed the transaction with your Ledger device?
  6. Which dApp were you using?
  7. Have your funds been stolen after clicking on a suspicious link?

We also encourage you to file your own complaint with your relevant local law enforcement authority and identify yourself as a victim. Please share a copy of your complaint with us so we can make sure French law enforcement gets the same details.

  If Ledger agrees to fulfill your claim, please note that Ledger's trusted service providers will screen your name and your wallet address. An official  ID will be needed to perform ID verification. Transfer of assets by Ledger is subject to the absence of compliance flags in the screening reports. You will also need to confirm that you did not already, and will not be able to, recover your stolen assets via other means.

If users do not get their assets back by other means, Ledger will transfer the same amount of tokens to the impacted users (subject to compliance checks), by the end of February 2024. When pertaining to any NFTs impacted by the specific exploit, a NFT in the same collection will be transferred to resolve the asset.

We are continuing to investigate the issue, in the meantime rest assured your ticket will stay open and we will continue to communicate updates.

Ledger has a legitimate interest in collecting and processing your information to perform wallet address screening and ID verification for compliance purposes. Your information will be retained until your claim is resolved or for the duration of the statute of limitation. It will be available to Ledger and its technical service providers, and may be transferred to non-European countries that ensure an adequate level of protection or under the standard contractual clauses adopted by the EU Commission. You may access your data and request their rectification or deletion. You may also object to, or request the limitation of, the processing of your data. To make any request regarding your data or if you have any question pertaining to their processing, please contact Ledger’s Data Protection Officer here. If you have concerns regarding the handling of your data, you may lodge a complaint with the personal data protection authority of your country.

Was this article helpful?