Ledger Connect Kit Breach: Hacker Siphons $484K, Company Rolls Out Version 1.1.8

The unknown attacker who compromised Ledger’s Connect Kit library has reportedly siphoned $484,000 from wallets, according to the onchain intelligence firm Lookonchain. Ledger disclosed that a former employee fell victim to a phishing attack, which gave the attacker access to the Ledger Connect Kit library and allowed them to upload malicious code.

Ledger Responds to $484K Hack

The latest, secure version 1.1.8 of the Ledger Connect Kit is currently being disseminated automatically, according to the last update from Ledger. The company advised a waiting period of 24 hours before resuming use of the Ledger Connect Kit. This precaution follows a security breach detailed in the ensuing timeline: Initially, a phishing attack targeted a former Ledger employee’s NPMJS account early today, Central European Time.

Ledger said the breach enabled the attacker to release a compromised version of the Ledger Connect Kit (versions 1.1.5 through 1.1.7), which used a deceptive Walletconnect project to reroute funds to a hacker’s wallet. Ledger’s technology and security teams deployed a fix within 40 minutes of becoming aware of the issue, though the malicious file was active for about five hours, the company disclosed.

The estimated time during which funds were siphoned was under two hours. In response to the incident, Ledger said it collaborated with Walletconnect to disable the rogue project and has now issued the verified Ledger Connect Kit version 1.1.8. Ledger further explained that development teams working with the Ledger Connect Kit on NPM have been restricted to read-only access to prevent direct package updates. Ledger noted that Tether had frozen the bad actor’s address and the wallet was now visible via Chainalysis software.
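For teams that install the library from NPM, a lockfile check for the versions named above is a quick first triage step. The following is an added example, not code from Ledger or from this article: it assumes the package is published as `@ledgerhq/connect-kit`, uses a constructed sample lockfile with a hypothetical `wallet-widget` dependency, and only sees copies pinned in a `package-lock.json`.

```javascript
// Added example. Assumption: the npm package name is "@ledgerhq/connect-kit".
const PACKAGE = "@ledgerhq/connect-kit";
const COMPROMISED = new Set(["1.1.5", "1.1.6", "1.1.7"]); // versions the article lists
const FIXED = "1.1.8";                                     // release the article calls verified

// Classify one resolved version string from the lockfile.
function classify(version) {
  if (COMPROMISED.has(version)) return "compromised";
  return version === FIXED ? "fixed" : "other";
}

// Collect every locked copy of PACKAGE, including nested (transitive) installs.
function findCopies(lockText) {
  const lock = JSON.parse(lockText);
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/" + PACKAGE || path.endsWith("/node_modules/" + PACKAGE)) {
      hits.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PACKAGE) hits.push({ path, version: meta.version, status: classify(meta.version) });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Only the copies that match a compromised release.
function compromisedCopies(lockText) {
  return findCopies(lockText).filter((hit) => hit.status === "compromised");
}

// Constructed sample lockfile: one fixed top-level copy, one compromised nested copy.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp", version: "0.0.1" },
    "node_modules/@ledgerhq/connect-kit": { version: "1.1.8" },
    "node_modules/wallet-widget/node_modules/@ledgerhq/connect-kit": { version: "1.1.6" },
  },
});
console.log(compromisedCopies(SAMPLE_LOCK));
```

Pass the text of a project's own `package-lock.json` to `compromisedCopies` to run the same check on real input.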

The onchain analysis platform Lookonchain reported that $484,000 was stolen from wallets. Ledger has not confirmed the figure, but it did disclose the attacker’s wallet address: “0x658729879fca881d9526480b82ae00efc54b5c2d.” The wallet holds $254K at the time of writing.

The hardware wallet manufacturer is actively engaging with affected customers and is working with law enforcement to track down the attacker. In addition, Ledger said it is analyzing the exploit to prevent future attacks. Ledger reiterated the importance of Clear Signing and suggested using an additional Ledger mint wallet or manual transaction parsing for blind signing.


by Jamie Redman via Bitcoin News
