Ledger Hacker Drains Half a Million USD
14 Dec, 2023 ● Vijesti o kovanicama
Assets valued approximately $484,000 were hijacked by the hacker responsible for the attack on Ledger's connector library, according to blockchain analysis tool Lookonchain.
Ledger has not yet verified the numbers, but the company estimates that the impact of the security breach may be in the hundreds of thousands.
On December 14, users of the X platform reported the incident, stating that malicious code had been injected into several decentralized applications (DApps) due to a compromised popular Web3 connector.
Although Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash are among the protocols impacted by the incident, there may be more protocols at risk.
Some users on X claim that other programs that are comparable to LedgerHQ/connect-kit may also have the vulnerability.
MetaMask claims that its users are also impacted by the hack. Users running the most recent version of the wallet, v2.121.0, should be able to "transact again & will be updated automatically," according to the wallet provider, who has released a fix for the platform.
Ledger stated that at 1:35 PM UTC, the malicious version of the file had been replaced with the legitimate version, almost three hours after the incident.
The business advises users "to always Clear Sign" transactions and states that the addresses and data shown on the Ledger screen are the only authentic sources of information.
“If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.”
Since then, the library has been disabled by a number of protocols. Paolo Ardoino claims that Tether, the stablecoin issuer, also froze the exploiter address.
Sources:
https://cointelegraph.com/news/ledger-blockchain-hack-attacker-drained-484-k
https://twitter.com/lookonchain/status/1735309710356877615
https://twitter.com/udiWertheimer/status/1735308883160100996
