Yesterday we read on Crypto Insiders that the hardware wallet manufacturer Ledger was warning against using its ConnectKit. According to Ledger, a hacker managed to deploy a malicious version of the software library for decentralized applications (dApps).
Ledger responded quickly to the attack and managed to identify and neutralize the malicious version. Despite this reasonable action by Legder, the hacker managed to steal nearly $484,000 worth of cryptocurrencies, according to blockchain analytics platform LookonChain.
Ledger has not yet confirmed the figures, but claims that the damage from the security breach could run into the hundreds of thousands.
Good news! 🎉 Bitvavo is celebrating Christmas and giving our readers free BTC, XRP or another cryptocurrency 🚀
Attack on Ledger leads to phishing attack on ex-employees
This brazen attack on Ledger’s ConnectKit was traced to a former employee of the hardware manufacturer. However, the former employee himself fell victim to a phishing attack through which the hacker created a gateway to Ledger’s NPMJS account.
According to MetaMask, a software wallet provider, the hacker not only affected Ledger’s hardware wallets, but also users of its platform. MetaMask quickly resolved the issue and claimed that its users could conduct secure transactions again.
Powerful partnerships to combat hackers
The hardware wallet giant reported that the company managed to patch the vulnerability in about 40 minutes. However, it later emerged that the malicious code the hacker had placed in Ledger’s ConnectKit had already been active for five hours.
A powerful collaboration between WalletConnect, Chainalysis and the stablecoin issuer Tether (USDT) managed to repel the attack. Tether CEO Paolo Ardoino reports that the stablecoin publisher’s team has frozen the hacker’s wallet address.
A hacker has attacked #Ledger and stole approximately $484,000 in assets.#LedgerExploiter transferred 4,334 $ETH To #AngelDrainer.
And that #AngelDrainer also currently receives assets and holds assets of $363,000. pic.twitter.com/RK9aPyAjEE
– Lookonchain (@lookonchain) December 14, 2023
Coinbase launches crypto spot trading worldwide, including in the Netherlands
Wallets and exchanges
Ledger urges caution when making transactions
Ledger says it is working with victims and law enforcement to identify the attacker. The hardware manufacturer advises its users that the information displayed on the hardware wallet screen contains the only correct information. General ledger receivables:
“In the meantime, we would like to remind the community to always “clear sign” your transactions – remember that the addresses and information displayed on your ledger screen are the only real information.”
The hardware manufacturer emphasizes to its users that they must immediately stop their transactions as soon as there is a discrepancy in the information between the Ledger Live app and the Ledger device.
Post views: 41