Earlier today, crypto hardware wallet maker Ledger confirmed that its Connect Kit library had been compromised after attackers replaced a genuine version with a malicious file. Following the incident, several decentralized applications (dApps) that load the library were exposed, and the attacker drained more than $500,000 from multiple wallets.
In this report, CryptoSlate brings you an analysis of the incident, its key events and its implications.
In a post on social media platform .
Subsequently, the attackers published modified versions of the Ledger Connect Kit containing malicious code. The code injected a fake WalletConnect prompt that redirected funds to a wallet controlled by the attacker.
The malicious versions display fake prompts when a user connects to a dApp's interface, leading users to approve transactions they never intended to make. Clicking through such a prompt signs a transaction that can empty the user's wallet.
The flaw does not affect the Ledger hardware wallet itself and does not expose seed phrases. The risk arises only when a user connects the wallet to a dApp that has loaded the malicious library.
Ledger solves the problem
Ledger resolved the issue by replacing the malicious Ledger Connect Kit with a genuine version. The hardware wallet manufacturer confirmed the fix and promised that a full report would follow. The company said:
“Ledger’s technology and security teams were alerted and a fix was deployed within 40 minutes of Ledger becoming aware. The malicious file remained active for approximately 5 hours, but we believe the window during which funds were drained was limited to a period of less than two hours.”
Users were also reminded to clear sign their transactions: before approving, verify that the details shown on the computer or phone screen match those shown on the Ledger device, since the device display is the part of the flow the compromised web page cannot alter.
Users were further advised not to use a cached copy of the malicious library and to clear the cache if one is present.
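The point of clear signing is that the prompt a compromised page renders can say anything, while the transaction it asks the device to sign is what actually executes. The following is an added example, not Ledger's code or part of the original article: it decodes the calldata of a pending EVM transaction and compares it with what the user intended (which contract, which method, which counterparty, how much), flagging the typical drainer pattern of an approval to an unexpected address for an unlimited amount. The four function selectors are the standard ERC-20/ERC-721 ones; every address, amount and intent record below is constructed for the example.

```javascript
// Added example (not Ledger's code): decode an EVM transaction's calldata and
// compare it with what the user believes they are signing. All addresses and
// amounts below are constructed placeholders.
const SELECTORS = {
  a9059cbb: { name: "transfer", args: ["address", "uint256"] },
  "095ea7b3": { name: "approve", args: ["address", "uint256"] },
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"] },
  a22cb465: { name: "setApprovalForAll", args: ["address", "bool"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;
// Which decoded argument names the party that ends up with the assets.
const COUNTERPARTY_INDEX = { transfer: 0, approve: 0, setApprovalForAll: 0, transferFrom: 1 };

function decodeCalldata(data) {
  const hex = (data || "0x").toLowerCase().replace(/^0x/, "");
  if (hex.length === 0) return { name: "native", selector: null, args: [] };
  const selector = hex.slice(0, 8);
  const entry = SELECTORS[selector];
  if (!entry) return { name: "unknown", selector, args: [] };
  const words = hex.slice(8).match(/.{64}/g) || [];
  const args = entry.args.map((type, i) => {
    const word = words[i] || "0".repeat(64); // ABI words are 32 bytes each
    if (type === "address") return "0x" + word.slice(24); // right-aligned 20 bytes
    if (type === "bool") return BigInt("0x" + word) !== 0n;
    return BigInt("0x" + word);
  });
  return { name: entry.name, selector, args };
}

// intent: { contract, method, counterparty, maxValue } describing what the
// user thinks they approved in the dApp UI.
function checkIntent(tx, intent) {
  const findings = [];
  const decoded = decodeCalldata(tx.data);
  if ((tx.to || "").toLowerCase() !== intent.contract.toLowerCase())
    findings.push(`destination ${tx.to} is not the expected contract ${intent.contract}`);
  if (BigInt(tx.value || 0) > BigInt(intent.maxValue || 0))
    findings.push(`native value ${tx.value} exceeds the expected ${intent.maxValue || 0}`);
  if (decoded.name !== intent.method)
    findings.push(`calldata is ${decoded.name}, expected ${intent.method}`);
  const idx = COUNTERPARTY_INDEX[decoded.name];
  if (idx !== undefined && decoded.args[idx] !== intent.counterparty.toLowerCase())
    findings.push(`counterparty ${decoded.args[idx]} is not the expected ${intent.counterparty}`);
  if (decoded.name === "approve" && decoded.args[1] === MAX_UINT256)
    findings.push("unlimited token approval");
  if (decoded.name === "setApprovalForAll" && decoded.args[1] === true)
    findings.push("grants an operator control of every token in the collection");
  return { decoded, ok: findings.length === 0, findings };
}

// Constructed sample: the user meant to approve 1000 units to ROUTER on TOKEN;
// the drainer version approves the maximum amount to DRAINER instead.
const DRAINER = "0x1111111111111111111111111111111111111111";
const ROUTER = "0x2222222222222222222222222222222222222222";
const TOKEN = "0x3333333333333333333333333333333333333333";
const word = (hex) => hex.padStart(64, "0");
const intent = { contract: TOKEN, method: "approve", counterparty: ROUTER, maxValue: 0 };
const legit = { to: TOKEN, value: "0x0", data: "0x095ea7b3" + word(ROUTER.slice(2)) + word("3e8") };
const drain = { to: TOKEN, value: "0x0", data: "0x095ea7b3" + word(DRAINER.slice(2)) + "f".repeat(64) };

const bigintSafe = (k, v) => (typeof v === "bigint" ? v.toString() : v);
console.log(JSON.stringify(checkIntent(legit, intent), bigintSafe, 2));
console.log(JSON.stringify(checkIntent(drain, intent), bigintSafe, 2));
```

A wallet or browser extension can run this comparison on the raw transaction before forwarding it to the device; on the Ledger device itself, the equivalent check is the user reading the decoded fields on the screen and refusing anything that disagrees with the page.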
Despite the patch, on-chain investigator ZachXBT reported that about $610,000 had been drained from various wallets.
Paolo Ardoino, CEO of Tether, revealed that the stablecoin issuer immediately froze the exploiter’s wallet. “Tether just froze the address of the Ledger operator,” Ardoino said. The wallet contained approximately $44,000 worth of USDT.
The freeze means the address can no longer send USDT to other addresses; the attacker can, however, still move other assets.
Can you use your Ledger wallet?
As noted, the flaw does not affect the Ledger hardware wallet itself or expose seed phrases, so Ledger users can continue to use their devices.
They are, however, advised not to interact with decentralized applications until those platforms confirm they are serving the genuine library.
Meanwhile, Ledger told developers that the genuine version of the Connect Kit had been propagated automatically. “We recommend waiting 24 hours before using the Ledger Connect kit again,” the company added.