In a statement on Thursday evening, Ledger explained how the attack unfolded after a former staff member fell victim to phishing.
Crypto wallet developer Ledger acknowledged the exploit in a warning urging the community to stop using decentralized applications (dapps).
Ledger disclosed that the attack arose from a phishing scam that targeted a former staff member.
Ledger stated that the compromised code captured the former staff member's identity and email address. The firm dismissed initial claims from the crypto community that the developer was behind the exploit.
The attacker gained access to the ex-employee's NPMJS account. NPM is a package manager for the JavaScript programming language, and packages are libraries that developers use to build projects instead of coding everything from scratch. Developers in the Web3 community use such packages to build decentralized apps that interoperate with various wallets.
Ledger Admits Compromise in Connect Kit Version
The statement indicated that the exploiter used the NPMJS access to publish a malicious version of the Ledger Connect Kit. The release exposed every project using the Connect Kit to malicious code that ultimately rerouted users' funds to the hacker's wallet.
Ledger clarified that the affected Connect Kit versions included 1.1.5, 1.1.6, and 1.1.7. The firm confirmed removing those versions from the NPM page.
The company confirmed that its technology and security units were alert to potential attacks. The teams deployed a fix within 40 minutes of discovering the vulnerability.
Ledger's statement revealed that the malicious file was live for close to 5 hours. Nonetheless, Ledger indicated that the window in which wallets were drained hardly exceeded two hours.
Ledger confirmed pushing a new Connect Kit version, 1.1.8, with those using it receiving the update automatically. The company warned users to wait 24 hours before connecting to decentralized applications.
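As an added example (not Ledger's code and not part of the original article), the following JavaScript checks a parsed npm lockfile for the Connect Kit versions Ledger listed as affected. The package name `@ledgerhq/connect-kit` is an assumption, since the article only says "Ledger Connect Kit", and the sample lockfiles are constructed for illustration.

```javascript
// Versions Ledger listed as affected (taken from the article).
const AFFECTED = new Set(["1.1.5", "1.1.6", "1.1.7"]);
// Assumed npm package name; the article only says "Ledger Connect Kit".
const PKG = "@ledgerhq/connect-kit";

// Return every locked copy of PKG pinned to an affected version.
// Handles lockfileVersion 2/3 ("packages" map) and 1 (nested "dependencies").
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Keys look like "node_modules/a/node_modules/@scope/name".
      const name = path.split("node_modules/").pop();
      if (name === PKG && AFFECTED.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (name === PKG && AFFECTED.has(meta.version)) {
        hits.push({ path: here.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, here); // transitive copies are locked too
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (project and dependency names are made up).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-dapp", version: "0.1.0" },
  "node_modules/@ledgerhq/connect-kit": { version: "1.1.6" },
  "node_modules/wallet-ui/node_modules/@ledgerhq/connect-kit": { version: "1.1.8" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "wallet-ui": { version: "2.0.0", dependencies: {
    "@ledgerhq/connect-kit": { version: "1.1.7" } } },
} };

for (const lock of [SAMPLE_V3, SAMPLE_V1]) {
  for (const hit of findAffected(lock)) {
    console.log(`affected: ${PKG}@${hit.version} at ${hit.path}`);
  }
}
```

To check a real project, pass `findAffected` the result of `JSON.parse` on the contents of its `package-lock.json`.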
Ilkka Turunen, field chief technical executive at cybersecurity specialist Sonatype, indicated that the huge number of GitHub-hosted repositories relying on the connect-kit loader suggests widespread damage to the crypto supply chain.
Turunen indicated that unless the developers execute intensive hygiene before its reconsumption.
The exploit triggered widespread panic across the crypto ecosystem. Aftab Hossain, popularly known as DCInvestor on X, called it absurd and unacceptable that a developer's single click on a phishing link could compromise the front end of a meaningful application.
Angel Drainer Involvement in Ledger Exploit
Leading global stablecoin issuer Tether confirmed freezing funds allegedly connected to the wallet used by the exploiter, who drained $484,000 from decentralized finance (DeFi) users. Tether chief executive Paolo Ardoino disclosed that the wallet held a USDT balance worth $27000 from $334,814.
Further analysis indicated that the wallet contained $484,000 at one point. On-chain data reveals the wallet's involvement in transferring funds to a wallet connected to the Angel Drainer.
The phishing group involved in the Ledger exploit is linked with other criminal acts involving DeFi hacks. The stolen assets include a Doodle NFT that changed hands at 3.9 ETH, though it is flagged for suspicious activity on the OpenSea marketplace.
Drainers operate by tricking users into approving transactions that covertly give the attackers access to the funds in their wallets. The drainers, which go by creative names, are rented to hackers for a cut of the illicit proceeds.