Special Case: The Hack Of Ledger

By The Neath | The Darkside Of Crypto | 23 Jan 2024


The Ledger attack highlights cryptocurrency security issues. This article examines the incident's causes, effects, and response, and its implications for the crypto industry.

Hackers stole $484,000 on Thursday by putting malicious code into the GitHub repository for Connect Kit, a popular blockchain program from Ledger. Several key decentralized finance (DeFi) protocols that use the library have been affected, and users are advised to avoid dApps until they are upgraded. (December 2023)


Code in Ledger's Connect Kit connects DeFi protocols to crypto hardware wallets. The vulnerability might affect the front-end of all Connect Kit protocols, including Sushi, Lido, Metamask, and Coinbase.

Multiple Ethereum-based apps like Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were hacked early Thursday owing to a Ledger security issue. As of 13:35 UTC, Paris-based crypto hardware wallet maker Ledger claimed it corrected the malicious code and advised customers to “Clear Sign” transactions to guarantee they were using their website and software.

How many decentralized applications (dapps) were impacted and how much money was lost is unknown. Social media reports imply the exploit is prevalent. Blockaid, a blockchain security company, said that this unique “supply chain attack” on Ledger's Connect Kit, implemented throughout the decentralized finance (DeFi) ecosystem, cost $150,000 in bitcoin.

What Happened

A former Ledger employee's NPMJS account was hijacked via phishing. On NPMJS, developers host code packages. The crypto community wondered why a former employee got access to sensitive company data. After gaining access, the hacker installed a rogue Ledger Connect Kit library, which links hardware wallets to several platforms.

The hack impacted Ethereum DApps Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash. The malware's fake WalletConnect sent money to the hacker's wallet when DApp users connected. Interestingly, the assault did not impact Ledger user funds.


Ledger patched the vulnerability in 40 minutes; the dangerous file was available for 5 hours. The company and WalletConnect shut down the fake project and issued a verified Ledger Connect Kit. To improve security, Ledger made the NPM connect-kit development team read-only and changed the secrets used for publishing on its GitHub repository.

Some crypto enthusiasts suggested other wallet solutions, while others wanted Ledger to open-source its technology for transparency. Community members questioned Ledger's operational security after the incident revealed its security weaknesses.

The Ledger attack highlights the importance of digital asset security in decentralized finance (DeFi). It stresses the need for crypto ecosystem security, audits, and user education.

Note: you can find the letter from Ledger's CEO here: https://www.ledger.com/blog/a-letter-from-ledger-chairman-ceo-pascal-gauthier-regarding-ledger-connect-kit-exploit

 
