November 8, 2024

Rise To Thrive

Investing guide, latest news & videos!

Ledger attacker drained at least $484K

2 min read
Ledger attacker drained at least 4K

The hacker behind the attack on Ledger’s connector library had stolen at least 4.334 Ether (ETH) worth nearly $484,000, according to blockchain analysis platform Lookonchain. Ledger has not yet confirmed the figures, but the impact of the security breach could be in the hundreds of thousands, according to the company.

Users on X (formerly Twitter) flagged the incident on Dec. 14, claiming that a popular Web3 connector was compromised, allowing malicious code to be injected into multiple decentralized applications (DApps).

Protocols affected by the incident include Zapper, SushiSwap, Phantom, Balancer and Revoke.cash, but the damage could be even greater. According to some users on X, the vulnerability could exist in other, similar programs that are alternatives to LedgerHQ/connect-kit.

According to MetaMask, th

Nearly three hours after the incident, Ledger reported that the malicious version of the file had been replaced with the genuine version around 1:35 pm UTC. The company is warning its users “to always Clear Sign” transactions, adding that the addresses and the information presented on the Ledger screen are the only genuine information:

“If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.”

Several protocols have disabled the library after the incident. Stablecoin issuer Tether also froze the exploiter address, according to Paolo Ardoino, 

This is a developing story, and further information will be added as it becomes available.