Former Employee Falls Victim to Phishing Scam
A former employee of hard wallet maker Ledger fell victim to a phishing scam, resulting in a hacker gaining access to the library and stealing $480,000 in crypto. However, Ledger’s CEO confirmed that their hard wallet products were not affected by the incident.
Exploit on Ledger Connect Kit
Ledger’s chairman and CEO, Pascal Gauthier, stated that the exploit occurred on Ledger Connect Kit, a Javascript library used to connect websites to wallets on various defi platforms. Gauthier emphasized that the incident was limited to third-party applications.
Subscribe to our Social Media for Exclusive Crypto News and Insights 24/7!
The standard practice at Ledger is that no single person can deploy code without review by multiple parties. We have strong access controls, internal reviews, and multi-signature code when it comes to most parts of our development. This is the case in 99% of our internal systems. Any employee who leaves the company has their access revoked from every Ledger system.
Pascal Gauthier, chairman and CEO, Ledger
Hack Resulted from Phishing Scam
The ex-staff member who was hacked fell for a phishing scam, allowing the attacker to publish a rogue WalletConnect project using the compromised account access. This enabled bad actors to reroute user funds.
Defi Apps Affected
The exploit on December 14 impacted several defi apps such as SushiSwap and Revoke.cash.
Confirmation by Crypto Participants
Observations made by crypto participants on social media aligned with Ledger’s update on the issue. One user identified a GitHub account linked to an ex-Ledger developer named Junichi Sugiura.
Address Frozen and ERC-20 Transactions Detected
Tether froze an address associated with the hacker, and CertiK reported ERC-20 transactions made by wallets likely connected to the exploiter.
Repeat Incident
This marks the second time in two months that phishers have exploited Ledger to steal user funds. In November, a fake Ledger Live app on the official Microsoft app store siphoned $768,000 worth of Bitcoin and Ether.
Hot Take: Security Breach Highlights Ongoing Risks in the Crypto Industry
The recent security breach at Ledger serves as a reminder of the ongoing risks faced by users in the crypto industry. Phishing scams continue to be a prevalent method used by hackers to gain unauthorized access and steal funds. It is crucial for individuals to remain vigilant and take necessary precautions to protect their crypto assets. Companies like Ledger must also strengthen their security measures and ensure robust protocols are in place to prevent such incidents. As the crypto market grows, maintaining high levels of security will be paramount to fostering trust and widespread adoption.
