Hackers Stole $484K In Ledger Supply Chain Attack; Tether Steps In by Freezing Funds


On 14 December 2023, a supply chain attack hit the leading cryptocurrency wallet provider Ledger: malicious code was injected into Connect Kit, the front-end library that decentralized applications use to connect to Ledger wallets. The breach drained crypto assets worth hundreds of thousands of dollars from users of several decentralized protocols.

Hackers Stole Nearly $484K Through Ledger's Connect Kit

Hackers stole about $484,000 by publishing malicious versions of Connect Kit, an npm library maintained by crypto wallet company Ledger and embedded in the front-ends of many decentralized finance (DeFi) protocols. Every protocol whose interface pulled in the tampered library was exposed. Users were advised not to interact with decentralized apps (dApps) until the affected sites had been updated.

The interfaces of several dApps that use Ledger's connector, including Zapper, SushiSwap, Phantom, Balancer and Revoke.cash, were compromised. Roughly three hours after the incident was detected, Ledger announced that the malicious file had been replaced with the genuine version at around 1:35 pm UTC.

By the time Ledger responded, the attacker had already siphoned off more than $484K in cryptocurrency, according to Lookonchain. The attacker sent 4.334 ETH to Angel Drainer, and the attacker's address currently holds about $363K in crypto assets. Tether has frozen $44K in USDT held at that address, leaving approximately $412K in stETH, USDC and other tokens still movable.

The breach also affected MetaMask users, and the wallet provider has shipped a corrective update. It announced that users on the latest version, v2.121.0, can transact normally and will receive updates automatically; users on earlier versions are advised to refresh their site data to restore safe operation.

Users Are Still At Risk

Although Ledger replaced its own code, Ido Ben-Natan, CEO of blockchain security firm Blockaid, said that “many websites are still vulnerable, and users continue to face risks.” Replacing the published package does not fix sites that have already deployed the malicious version: every protocol using Ledger's Connect Kit must itself update its library version and redeploy. In the meantime, certain protocols remained exposed, notably revoke.cash, the site users rely on to revoke token permissions granted to DeFi protocols.

Ben-Natan cautioned, “Revoke.cash, in particular, is susceptible, so it’s advisable not to engage with it. In the past two hours alone, hundreds of thousands of dollars have been affected.”

This year has seen a high frequency of DeFi hacks, with roughly $300 million stolen in July alone through exploits of Curve Finance and Multichain. After such breaches, users typically turn to sites like revoke.cash to revoke the token permissions they had granted to the affected protocols.

In this case the compromise was of website front-ends, not of wallets themselves. The injected code replaced the normal wallet-connection flow with a token drainer, so a user visiting an affected site such as revoke.cash was prompted to connect their wallet and approve transactions that hand the drainer control of their tokens. Because the drainer runs inside a site the user already trusts, it can target every asset the connected wallet holds, not only the permission the user came to revoke.
