Unknown Malicious Agents Exploit LedgerConnect Kit
In a significant security breach, Ledger, a popular hardware wallet provider, was targeted by unknown malicious agents who aimed to exploit their LedgerConnect kit. The attack was first reported by Blockaid, a platform dedicated to protecting web3 users.
The Supply Chain Attack on Ledger Connector
Attackers injected a “wallet-draining payload” into the NPM package, which then allowed them to hijack the front end of various apps, including Sushi, Hey, and Zapper. This resulted in the theft of hundreds of thousands of dollars worth of assets. The attack did not specifically target any particular blockchain or dapp but instead aimed to exploit all protocols that used the LedgerConnect kit for asset management or transfers.
To execute the hack, the attackers specifically targeted Ledger’s NPM package. This connector is what securely links off-chain Ledger wallet clients to web apps and lets users manage their assets online. Developers integrate Ledger hardware wallets into their apps through this interface, which is what lets users trade non-fungible tokens (NFTs) and use decentralized finance (DeFi) services from a hardware wallet.
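The attack above worked because downstream apps pulled a dependency that could be silently replaced with a malicious build. As an added example (not Ledger's code, and using placeholder package names rather than the real connector), the following Python script shows the two checks a front-end team can run in CI to reduce that exposure: flag dependencies declared with floating version ranges, and flag lockfile entries that lack a strong integrity hash or resolve to an unexpected registry host. The sample package.json and package-lock.json are constructed inline.

```python
"""Supply-chain hygiene checks for an npm-based front end.

Added example, not code from the original article or from Ledger.
Package names, versions, hosts and hashes below are constructed placeholders.
"""
import json
import re

# Constructed sample manifest: one floating range, one exact pin, one "latest".
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-dapp-frontend",
    "dependencies": {
        "@example/hardware-wallet-connector": "^1.1.0",  # auto-upgrades within 1.x
        "@example/rpc-client": "2.3.1",                   # exact pin
        "left-pad-ish": "latest",                         # whatever is newest
    },
})

# Constructed sample lockfile (npm lockfileVersion 3 layout).
SAMPLE_LOCKFILE = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-dapp-frontend"},
        "node_modules/@example/hardware-wallet-connector": {
            "version": "1.1.8",
            "resolved": "https://registry.npmjs.org/@example/hardware-wallet-connector/-/hardware-wallet-connector-1.1.8.tgz",
            "integrity": "sha512-PLACEHOLDERBASE64==",
        },
        "node_modules/@example/rpc-client": {
            "version": "2.3.1",
            "resolved": "https://registry.npmjs.org/@example/rpc-client/-/rpc-client-2.3.1.tgz",
            # no "integrity" field: npm cannot verify the tarball it downloads
        },
        "node_modules/left-pad-ish": {
            "version": "0.9.0",
            "resolved": "https://cdn.example-mirror.test/left-pad-ish-0.9.0.tgz",
            "integrity": "sha1-PLACEHOLDER=",  # weak hash algorithm
        },
    },
})

# Exact semver "x.y.z" with optional pre-release tag; anything else is a range or tag.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")


def unpinned_dependencies(package_json_text: str) -> dict:
    """Return {name: spec} for every dependency not pinned to one exact version."""
    manifest = json.loads(package_json_text)
    unpinned = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not EXACT_VERSION.match(spec):
                unpinned[name] = spec
    return unpinned


def audit_lockfile(lockfile_text: str,
                   allowed_hosts=("https://registry.npmjs.org/",)) -> list:
    """Return (package, issue) pairs for entries npm would install without
    strong verification or from a host outside the allow-list."""
    lock = json.loads(lockfile_text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        integrity = entry.get("integrity", "")
        resolved = entry.get("resolved", "")
        if not integrity:
            findings.append((name, "missing-integrity"))
        elif not integrity.startswith("sha512-"):
            findings.append((name, "weak-integrity"))
        if resolved and not resolved.startswith(allowed_hosts):
            findings.append((name, "untrusted-source"))
    return findings


if __name__ == "__main__":
    for name, spec in unpinned_dependencies(SAMPLE_PACKAGE_JSON).items():
        print(f"unpinned: {name} -> {spec}")
    for name, issue in audit_lockfile(SAMPLE_LOCKFILE):
        print(f"lockfile: {name}: {issue}")
```

Pinning exact versions and installing with `npm ci` means a tarball that changes under an already-locked version fails the integrity check instead of being executed, and a newly published malicious version is not picked up until someone deliberately bumps the pin. The check does nothing for code a page loads at runtime from a CDN, which never passes through the lockfile; that path needs its own controls (a fixed version in the URL, subresource integrity, and a content security policy).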
Ledger Responds and Stolen Funds
Igor Igamberdiev, Wintermute’s Head of Research, reported that a script infected with malware was uploaded to Ledger’s NPM registry. Ledger responded promptly by deleting the malicious file and replacing it with a genuine version. Despite these efforts, over $480,000 worth of assets were stolen before the malicious version was removed.
Ledger has reminded users to exercise caution when signing off on transactions and emphasized that their interface is the only reliable source of information. They have also assured customers that their devices were not compromised.
Blockchain analytics platform Lookonchain confirmed the theft of assets before Ledger addressed the issue. In response, Paolo Ardoino, the CEO of Tether, announced that they had blocked the Ledger Exploiter’s address.
Hot Take: Ledger Faces Major Security Breach
Ledger, a leading hardware wallet provider, has fallen victim to a significant security breach. Unknown malicious agents exploited Ledger’s LedgerConnect kit, resulting in the theft of hundreds of thousands of dollars worth of assets. The attackers injected a malicious payload into the NPM package and hijacked the front end of various apps. This supply chain attack targeted all protocols utilizing the LedgerConnect kit for asset management or transfers. Despite Ledger’s prompt response to delete the malware-infected file and replace it with a genuine version, over $480,000 worth of assets were stolen before the issue was resolved. This incident highlights the ongoing challenges and risks faced by crypto users and reinforces the importance of maintaining strong security measures when engaging with digital assets.