Ledger faces a security breach as a hacker siphons $484,000 from compromised wallets. The company responds with the rapid deployment of the secure Ledger Connect Kit version 1.1.8, urging a 24-hour waiting period for users. Law enforcement is involved as Ledger vows to enhance security measures.
Ledger, a prominent hardware wallet manufacturer, grapples with a significant security breach as an unknown assailant infiltrates the Ledger Connectkit Library, siphoning a substantial $484,000 from wallets, as reported by onchain intelligence firm Lookonchain.
In a startling revelation, Ledger disclosed that a former employee fell prey to a phishing attack, enabling the attacker to gain unauthorized access to the Ledger Connectkit Library. Exploiting this access, the hacker uploaded a malicious bug, manipulating versions 1.1.5 through 1.1.7 of the Ledger Connect Kit. The compromised kit ingeniously rerouted funds through a deceptive Walletconnect project to the hacker’s wallet.
Responding swiftly to the breach, Ledger initiated the automatic dissemination of the latest and secure version, 1.1.8, cautioning users to wait 24 hours before resuming the use of the Ledger Connect Kit. The security timeline unfolded with a phishing attack on a former employee’s NPMJS account, and within 40 minutes of detection, Ledger’s technology and security teams deployed a solution. However, the malicious file remained active for approximately five hours.
During this window, the attacker managed to siphon an estimated $484,000 from compromised wallets. Ledger, in collaboration with Walletconnect, disabled the rogue project, and the verified Ledger Connect Kit version 1.1.8 was swiftly issued. Notably, development teams working with the Ledger Connect Kit on NPM now have read-only access to prevent direct package updates.
Despite Lookonchain reporting the stolen amount, Ledger has not confirmed the figures officially. The wallet address associated with the breach, “0x658729879fca881d9526480b82ae00efc54b5c2d,” currently holds $254,000 at the time of writing. Ledger is actively engaging with affected customers and collaborating with law enforcement to track down the perpetrator.
In response to the incident, Ledger emphasized the importance of Clear Signing and recommended using an additional Ledger mint wallet or manual transaction parsing for blind signing. The company reiterated its commitment to analyzing the exploit to fortify defenses against potential future attacks.