Crypto wallet firm Ledger experienced a security breach on Thursday (Dec. 14) in which hackers managed to steal $484,000.
The hackers did so by inserting malicious code into Ledger’s widely used blockchain software, Connect Kit, CoinDesk reported Thursday.
“Ledger’s technology and security teams were alerted and a fix was deployed within 40 minutes of Ledger becoming aware,” Ledger said in a Thursday post on X. “The malicious file was live for around 5 hours, however we believe the window where funds were drained was limited to a period of less than two hours.”
FINAL TIMELINE AND UPDATE TO CUSTOMERS:
4:49pm CET:
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline of what we know about…
— Ledger (@Ledger) December 14, 2023
Ledger’s Connect Kit is a crucial piece of code that allows DeFi protocols to connect with crypto hardware wallets, according to the CoinDesk report.
The malicious code inserted by the hackers potentially affects the front-end of various protocols, including popular platforms like Sushi, Lido, Metamask and Coinbase, the report said. As a result, users have been advised to refrain from using decentralized apps (dApps) until the affected protocols are updated.
In response to the breach, Ledger identified and removed the malicious version of the Connect Kit, per the report. However, the risk is not completely mitigated as many websites are still affected, leaving users vulnerable to potential attacks.
To ensure complete security, all protocols utilizing Ledger’s Connect Kit must manually update their library versions, blockchain security firm Blockaid’s CEO, Ido Ben-Natan, said in the report.
One specific service affected by the exploit is revoke.cash, which allows users to remove permissions from impacted DeFi protocols, according to the report. However, in this case, the front-end of websites have been compromised, prompting revoke.cash users to connect their wallets to a malicious token drainer. This expands the scope of the hack, potentially compromising any assets held in a user’s wallet.
This incident highlighted the fragile nature of decentralized applications, as they rely on code from various software providers like Ledger, the report said. With multiple points of failure along the supply chain, any vulnerability can have severe consequences for users.
Ledger has previously faced security issues, including a data breach in 2020 that exposed its customer database, per the report. This incident raised concerns about sim swapping and home invasion attacks. Additionally, the company faced controversy over discrepancies between the marketed security of its hardware and the actual vulnerabilities revealed through a software update.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More