Ledger Hardware Wallet Got Hacked – What Went Wrong?
In December 14, Ledger, the company behind physical crypto wallets, experienced a security breach. The Ledger Connect Kit software was compromised, resulting in money being stolen from users’ wallets. A renowned crypto security startup, Blockaid, was the first to detect the attack, identifying a potential supply chain attack on Ledger Connect. The attacker injected a wallet-draining payload into the software, affecting popular decentralized applications (dapps).
How Did the Hack Happen?
The hack originated from a phishing attack that targeted a former Ledger employee. The attacker published malicious code that rerouted user funds during transactions with affected dapps. Ledger confirmed that the malicious code was active for about five hours. The company deactivated it and replaced the compromised software with a more secure version.
Ledger CEO Responds to the Incident
Pascal Gauthier, the CEO of Ledger, expressed sympathy and vowed to find the responsible party. He described the incident as an isolated event and promised to improve security controls. This security breach is another blow to Ledger, which received criticism earlier in the year for a controversial security tool. The incident is a reminder of the persistent security threats faced by the crypto industry.
Hot Take: Ledger’s Ongoing Security Challenges
The recent hack on Ledger’s hardware wallet highlights the ongoing security challenges in the crypto industry. Despite being a trusted device, Ledger’s vulnerability has once again raised concerns among users. This incident, along with previous controversies, points to the need for stricter security measures and continuous improvements to protect users’ funds in the ever-evolving crypto landscape.
By
By
By
By
By
By