Hackers Swindle $484,000, Company Releases Version 1.1.8
An unknown attacker who compromised Ledger’s Connect Kit library reportedly stole $484,000 from wallets, according to on-chain intelligence firm Lookonchain. Ledger said a former employee fell victim to a phishing attack, after which the attacker gained access to the Ledger Connect Kit library and uploaded malicious code.
Ledger responds to $484K hack
According to Ledger’s latest update, the secure version 1.1.8 of the Ledger Connect Kit is now deployed automatically. The company recommended a 24-hour waiting period before resuming use of the Ledger Connect Kit. This precautionary measure responds to a security breach that unfolded as follows. The phishing attack initially targeted the NPMJS account of a former Ledger employee this morning, Central European Time.
Ledger said the breach allowed the attacker to publish compromised versions of the Ledger Connect Kit (versions 1.1.5 to 1.1.7). The compromised kit used a fraudulent WalletConnect project to redirect funds to the hacker’s wallet. Ledger’s technology and security teams deployed a fix within 40 minutes of becoming aware of the issue, but the malicious file remained active for about five hours, the company said.
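A defender-side check for the affected range stated above, as an added example that is not from Ledger or the original article: it scans a parsed package-lock.json for Connect Kit versions 1.1.5 to 1.1.7. The npm package name @ledgerhq/connect-kit and the sample lockfile are assumptions, and the check covers only versions pinned in a lockfile.

```javascript
// Added example (not Ledger's code). Assumption: the npm package name is
// "@ledgerhq/connect-kit"; the affected range 1.1.5 to 1.1.7 is the article's.
const PACKAGE = '@ledgerhq/connect-kit';
const [AFFECTED_MIN, AFFECTED_MAX] = [[1, 1, 5], [1, 1, 7]];

// "1.1.6" or "1.1.6-rc.1" -> [1, 1, 6]; null when the string is not a version.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}
// Pre-release tags are ignored, so "1.1.5-rc.1" is flagged too (errs toward review).
function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED_MIN) >= 0 && compare(v, AFFECTED_MAX) <= 0;
}

// lockfileVersion 2/3 lists installs under "packages" (keyed by install path);
// lockfileVersion 1 nests them under "dependencies". Returns [{ path, version }].
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    const suffix = 'node_modules/' + PACKAGE;
    for (const [path, meta] of Object.entries(lock.packages)) {
      const match = path === suffix || path.endsWith('/' + suffix);
      if (match && isAffected(meta.version)) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail ? trail + ' > ' + name : name;
      if (name === PACKAGE && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path);
    }
  }
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; "some-wallet-ui" is a hypothetical package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/@ledgerhq/connect-kit': { version: '1.1.6' },
    'node_modules/some-wallet-ui/node_modules/@ledgerhq/connect-kit': { version: '1.1.8' },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

To audit a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findAffected`.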
The window during which funds were drained was estimated at less than two hours. In response to this incident, Ledger said it had worked with WalletConnect to disable the malicious project and has now issued the verified version 1.1.8 of the Ledger Connect Kit. Ledger further explained that development teams using the Ledger Connect Kit on NPM have been restricted to read-only access to prevent direct package updates. Ledger noted that Tether has frozen the addresses of malicious actors and that wallets can now be viewed through Chainalysis software.
Lookonchain, an on-chain analytics platform, reported that $484,000 was stolen from wallets. Ledger did not confirm the figure but did disclose the wallet address “0x658729879fca881d9526480b82ae00efc54b5c2d”. This wallet holds $254,000 at the time of this writing.
The hardware wallet maker is actively communicating with affected customers and working with law enforcement to track down the attackers. Ledger also said it is analyzing the exploit to prevent future attacks. Ledger reiterated the importance of clear signing and suggested using an additional Ledger Mint wallet or manual transaction analysis when blind signing.