Recently, a supply chain attack targeted Ledger, a leading cryptocurrency hardware wallet provider, by introducing malicious code into a front-end library it maintains. The breach has so far cost users of several decentralized protocols crypto assets worth hundreds of thousands of dollars.
Hackers stole nearly $484,000 through Ledger's Connect Kit
Hackers stole about $484,000 by publishing a malicious version of Connect Kit, an open-source JavaScript library maintained by crypto wallet company Ledger and distributed through its npm package, which dApps use to connect to Ledger hardware wallets. The tampered library was picked up by many key decentralized finance (DeFi) protocols that load it. Users were warned to refrain from using decentralized applications (dApps) until the affected front-ends had been updated.
The front-ends of several dApps that use Ledger's connector, including Zapper, SushiSwap, Phantom, Balancer and Revoke.cash, served the malicious code. Roughly three hours after the incident was detected, Ledger announced that the compromised file had been replaced with the genuine version at around 1:35 p.m. UTC.
By the time Ledger responded, the attacker had already siphoned off more than $484,000 in cryptocurrency. The attacker transferred 4,334 ETH to Angel Drainer, an address that currently holds around $363,000 in crypto assets. Meanwhile, Tether froze $44,000 in USDT held by the account, leaving around $412,000 in stETH, USDC and other digital assets.
The breach also affected MetaMask users. The wallet provider has shipped a patch and says that users on the most recent version, v2.121.0, can transact normally and will receive updates automatically. MetaMask advises users who are not yet on that version to refresh their site data so that the patched code, rather than a cached copy, is loaded.
Users are still at risk
Although Ledger has replaced its own code, Ido Ben-Natan, CEO of blockchain security company Blockaid, said that “many websites are still vulnerable and users continue to face risks.” To fully eliminate the risk, each protocol that uses Ledger Connect Kit must itself update the library version it ships. In the meantime, some protocols, including revoke.cash, a service used to revoke token permissions granted to DeFi protocols, remain exposed.
Ben-Natan warned: “Revoke.cash, in particular, is vulnerable, so it is advisable not to engage with it. In the last two hours alone, hundreds of thousands of dollars have been affected.”
This year has seen a high frequency of DeFi-related hacks, with roughly $300 million stolen in July alone through exploits targeting Curve Finance and Multichain. After such breaches, users often turn to websites like revoke.cash to revoke the permissions they granted to the affected protocols.
In this case, the compromise hit website front-ends rather than hot wallets. A revoke.cash user who connected a wallet through the compromised front-end was therefore prompted to interact with a malicious token drainer, widening the potential scope of the hack to every asset in that user's wallet.