Ledger Connect Kit Breach: Hacker Drains $484K, Company Swiftly Rolls Out Version 1.1.8

Ledger faces a security breach as a hacker siphons $484,000 from compromised wallets. The company responds with the rapid deployment of the secure Ledger Connect Kit version 1.1.8, urging a 24-hour waiting period for users. Law enforcement is involved as Ledger vows to enhance security measures.

Ledger, a prominent hardware wallet manufacturer, grapples with a significant security breach as an unknown assailant infiltrates the Ledger Connect Kit library, siphoning a substantial $484,000 from wallets, as reported by onchain intelligence firm Lookonchain.

In a startling revelation, Ledger disclosed that a former employee fell prey to a phishing attack, enabling the attacker to gain unauthorized access to the Ledger Connect Kit library. Exploiting this access, the hacker uploaded malicious code, tampering with versions 1.1.5 through 1.1.7 of the Ledger Connect Kit. The compromised kit rerouted funds through a deceptive WalletConnect project to the hacker’s wallet.

Responding swiftly to the breach, Ledger initiated the automatic dissemination of the latest and secure version, 1.1.8, cautioning users to wait 24 hours before resuming the use of the Ledger Connect Kit. The timeline began with a phishing attack on a former employee’s NPMJS account; within 40 minutes of detection, Ledger’s technology and security teams deployed a fix. However, the malicious file remained active for approximately five hours.

During this window, the attacker managed to siphon an estimated $484,000 from compromised wallets. Ledger, in collaboration with WalletConnect, disabled the rogue project, and the verified Ledger Connect Kit version 1.1.8 was swiftly issued. Notably, development teams working with the Ledger Connect Kit on NPM now have read-only access to prevent direct package updates.

Although Lookonchain has reported the stolen amount, Ledger has not officially confirmed the figures. The wallet address associated with the breach, “0x658729879fca881d9526480b82ae00efc54b5c2d,” holds $254,000 at the time of writing. Ledger is actively engaging with affected customers and collaborating with law enforcement to track down the perpetrator.

In response to the incident, Ledger emphasized the importance of Clear Signing and recommended using an additional Ledger mint wallet or manual transaction parsing for blind signing. The company reiterated its commitment to analyzing the exploit to fortify defenses against potential future attacks.

Disclaimer: The information provided in this article is for educational and informational purposes only. It should not be considered financial advice from Cryptozi or any other entity. We want to emphasize that if readers use the content or services mentioned in this article, Cryptozi is not responsible for any resulting losses. Therefore, it is strongly advised to exercise caution and consult with financial professionals before making any financial decisions that could impact your financial situation.
