Ledger crypto wallet was reportedly attacked by hackers and in the process led to some huge money thefts. Some unfortunate incident reportedly drained users of Ledger $610,000 worth of crypto.
Ledger Crypto Wallet Attacked
Crypto giant Ledger according to reports spent the better part of December 14 warning users not to interact with web3 decentralized apps amid strong concerns over a supply chain attack.
The attack in question on the ‘Ledger dApp Connect Kit’ library was reportedly found to be pushing a JavaScript wallet drainer, the firm found. Ledger has ever since then confirmed that it was the victim of a phishing attack and that the error in question has now been rectified, thus leaving users free to continue making use of Ledger Connect Kit.
The Attack Could Have Been Avoided Altogether
Ledger reportedly confirmed at 4:49 pm CET through a post on X that a former employee had at the time fallen victim to a phishing attack that reportedly compromised their NPMJS account. The attacker in question made use of the compromised account to publish a malicious version of the Ledger Connect Kit, which utilized a rogue WalletConnect project to effectively reroute funds to the wallet of the hackers.
How the Hackers Acted
ZachXBT, a crypto researcher posted to X that more than $610,000 had been stolen during the said attack.
Ledger revealed that the malicious file, which affected versions 1.1.5, 1.1.6, and 1.1.7, was reportedly live for around five hours, but that the fund draining on the other hand happened in a shorter period of around two hours. A fix was reportedly issued within 40 minutes of Ledger becoming aware, and the firm has since then confirmed that Ledger Connect Kit 1.1.8 is now fully propagated and that users in question can now continue as normal.
Ledger has also reported the wallet address of the attacker and has also frozen their USDT together with Tether.
Ledger’s CEO Response to the Incident
CEO of Ledger, Pascal Gauthier has also responded to the said incident, revealing that the “unfortunate isolated incident” serves as a “reminder that security is not static” and that Ledger on its end, and any other firm, should improve their security continuously.
Gauthier added: “Ledger will support affected users in helping to find this bad actor, bring them to justice, track the funds, and work with law enforcement to help recover stolen assets from the hacker.”
MORE RELATED POSTS
