Attack on Ledger crypto wallet leads to huge money thefts

Anna Tarazevich | Pexels; Bei der Wahl der idealen Krypto-Börse sind so einige Faktoren von großer Bedeutung.

(Image credit: Anna Tarazevich | Pexels)

Crypto giant Ledger spent December 14 warning users not to interact with web3 decentralized apps amid concerns over a supply chain attack.

The attack on the ‘Ledger dApp Connect Kit' library was found to be pushing a JavaScript wallet drainer, the company found.

Ledger has since confirmed that it was the victim of a phishing attack and that the error has been rectified, leaving users free to continue using Ledger Connect Kit

Crypto attack could have been avoided

Ledger confirmed at 4:49pm CET via a post on X that a former employee had fallen victim to a phishing attack which compromised their NPMJS account. The attacker used the compromised account to publish a malicious version of the Ledger Connect Kit, which used a rogue WalletConnect project to reroute funds to the hacker’s wallet.

Crypto researcher ZachXBT posted to X that over $610,000 had been stolen during the attack.

Ledger said that the malicious file, which affected versions 1.1.5, 1.1.6, and 1.1.7, was live for around five hours, but that the fund draining took place in a shorter period of around two hours. A fix was issued within 40 minutes of Ledger becoming aware, and the company has since confirmed that Ledger Connect Kit 1.1.8 is now fully propagated, and that users can continue as normal.

Ledger has also reported the attacker’s wallet address and frozen their USDT together with Tether.

Ledger CEO Pascal Gauthier has also responded to the incident, stating that the “unfortunate isolated incident” serves as a “reminder that security is not static” and that Ledger, and any other company, should continuously improve their security.

Gauthier added: “Ledger will support affected users in helping to find this bad actor, bring them to justice, track the funds, and work with law enforcement to help recover stolen assets from the hacker.”

More from TechRadar Pro

Criminals are making thousands every day by spoofing crypto researchers on X
Worried your data could be at risk? Check out the best ID theft protection
Boost your online protection with the best firewalls

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!