Ledger ‘Hardware’ Wallet Hacked, About $484,000 Lost In Heist

The post Ledger ‘Hardware’ Wallet Hacked, About $484,000 Lost In Heist appeared on BitcoinEthereumNews.com.

Hardware wallet provider Ledger was the target of a sophisticated hack incident, which led to the theft of about $484,000 in assets.  The hack was linked to a former Ledger employee who fell victim to a phishing attack. The hack happened when a former employee was tricked into giving access to their account, allowing the attacker to publish malicious versions of the Ledger Connect Kit. About $150,000 was stolen initially, although it was later reported that the money lost had reached about $484,000.  The malicious code was active for around five hours, but Ledger’s technology and security teams quickly responded and fixed the problem within 40 minutes with the help of WalletConnect and Tether, who also froze the hacker’s wallet. FINAL TIMELINE AND UPDATE TO CUSTOMERS: 4:49pm CET: Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again. The investigation continues, here is the timeline of what we know about… — Ledger (@Ledger) December 14, 2023 Despite the rapid response, it was believed the window for fund drainage was less than two hours. Ledger since coordinated with WalletConnect to disable the rogue project and propagated the genuine and verified Ledger Connect Kit version 1.1.8, which was now considered safe for use. See Also: Fake Ledger Live Application Steals $588K From Microsoft Store To bolster security, the connect-kit development team on the NPM project was set to read-only mode, preventing direct pushes of the NPM package. Ledger also internally rotated the secrets to publish on its GitHub and developers were urged to ensure they were using the latest version, 1.1.8. The severity of the attack was highlighted by the substantial amount stolen, with the hacker transferring approximately 4.334 ETH to an address known as “AngelDrainer,” which currently holds…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ December 15, 2023 5:14 pm