The ‘Ledger Hacker’ Exploits Web3 Users
A recent hack that resulted in the theft of at least $484,000 from multiple Web3 apps was carried out by tricking users into making malicious token approvals, according to blockchain security platform Cyvers. The attack took place on December 14 and began with a phishing attack that compromised a former Ledger employee’s computer. The hacker gained access to the employee’s npm (NPMJS) account and uploaded a malicious update to Ledger Connect’s GitHub repo. This update infected several Web3 apps, including Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, and the attacker was able to steal funds from users of these apps.
How the Attack Happened
The Cyvers team provided further insight into how the attack may have occurred. Developers typically use open-source “connect kits” to allow their Web3 apps to connect with users’ wallets. These kits are pieces of code that can be installed in multiple apps, saving developers time. Ledger’s connect kit is one such option. The attacker likely inserted malicious code into the Ledger Connect Kit, which altered the transactions being sent to users’ wallets. This could include displaying token approval confirmation requests with the attacker’s address instead of the app’s address or presenting confusing code for confirmation.
Preventing Future Attacks
Preventing this type of attack is challenging because wallets often don’t provide clear information about what users are agreeing to. One security practice that does help is carefully evaluating each transaction confirmation message before approving it while using an app. Cyvers offers a platform that allows businesses to check contract addresses for involvement in security incidents. While future Web3 tools may help detect and prevent such attacks, the industry still has a long way to go in solving this problem.
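The swapped-spender trick described above, and the confirmation check this section recommends, can be illustrated with a small wallet-side review: decode the approval calldata and compare the spender against the contracts the app is known to use. This is an added example, not code from the article, Ledger or Cyvers; the request shape and all addresses are constructed assumptions.

```javascript
// Added example (not from the article, Ledger or Cyvers). Decodes an approval call
// the way a wallet confirmation screen should and flags it when the spender is not a
// contract the dapp is known to use. Assumption: the wallet sees an eth_sendTransaction
// request {to, data}; the addresses below are constructed placeholders, not real ones.

const SELECTORS = {                       // first 4 bytes of keccak256(signature)
  '0x095ea7b3': 'approve(address,uint256)',
  '0x39509351': 'increaseAllowance(address,uint256)',
  '0xa22cb465': 'setApprovalForAll(address,bool)',
};
const MAX_UINT256 = (1n << 256n) - 1n;
// i-th 32-byte ABI word after the selector ('0x' + 8 hex chars).
function word(data, i) {
  const w = data.slice(10 + i * 64, 10 + (i + 1) * 64);
  if (w.length !== 64) throw new Error('calldata too short for an approval call');
  return w;
}

// Decode an approval-type call; returns null for any other function.
function decodeApproval(data) {
  const fn = SELECTORS[data.slice(0, 10).toLowerCase()];
  if (!fn) return null;
  const spender = ('0x' + word(data, 0).slice(24)).toLowerCase(); // address is right-aligned
  const amount = BigInt('0x' + word(data, 1));
  const forAll = fn === 'setApprovalForAll(address,bool)';
  return { fn, spender, amount, unlimited: forAll ? amount === 1n : amount === MAX_UINT256 };
}

// Compare the decoded spender with the addresses the dapp legitimately uses.
function reviewApproval(tx, expectedSpenders) {
  const dec = decodeApproval(tx.data);
  if (!dec) return { verdict: 'not-an-approval' };
  const expected = new Set(expectedSpenders.map(a => a.toLowerCase()));
  const findings = [];
  if (!expected.has(dec.spender)) findings.push('spender is not a known contract of this app');
  if (dec.unlimited) findings.push('unlimited allowance requested');
  return { verdict: findings.length ? 'BLOCK' : 'OK', ...dec, findings };
}

// Build approve() calldata for the sample requests below.
function encodeApprove(spender, amount) {
  return '0x095ea7b3' + spender.slice(2).toLowerCase().padStart(64, '0')
       + amount.toString(16).padStart(64, '0');
}

const APP_ROUTER = '0x' + '1'.repeat(40); // constructed: contract the dapp really uses
const ATTACKER = '0x' + '2'.repeat(40);   // constructed: address a tampered kit substitutes
console.log(reviewApproval({ data: encodeApprove(APP_ROUTER, 1000n) }, [APP_ROUTER]).verdict);   // OK
console.log(reviewApproval({ data: encodeApprove(ATTACKER, MAX_UINT256) }, [APP_ROUTER]).verdict); // BLOCK
```

A real wallet would also show the token contract (`to`) and resolve known addresses to labels; the point here is that the spender, not the app's branding, is what the user is actually authorising.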
Hot Take: The Importance of User Vigilance in Web3 Security
This recent hack highlights the need for users to remain vigilant and cautious when interacting with Web3 apps. As the adoption of decentralized finance (DeFi) continues to grow, hackers will target vulnerabilities in the ecosystem. Users must carefully review transaction details and be aware of potential phishing attempts or confusing confirmation requests. Additionally, developers must prioritize security measures when creating Web3 apps, such as thorough code reviews and regular updates. By working together, both users and developers can help strengthen the security of the Web3 space and protect against future attacks.