Hackers infiltrated the code supporting a cryptocurrency protocol utilized by various web3 applications and services, as reported by Ledger, a prominent crypto hardware and software wallet maker. The company warned users about a “malicious version” of its Ledger Connect Kit, a crucial library enabling decentralized apps (dApps) to link with the Ledger wallet service. Ledger promptly advised against interacting with any dApps and assured users of a replacement with the authentic version soon.
Later updates revealed that the hackers had replaced the genuine software with a malicious version hours earlier. An investigation was underway, with Ledger committed to delivering a comprehensive report once completed. Details emerged linking the incident to a former Ledger employee who fell victim to a phishing attack, compromising their NPMJS account. The malicious code, embedded within the Ledger Connect Kit, directed funds to a hacker-controlled wallet.
Responding swiftly, Ledger deployed a fix and, in collaboration with WalletConnect, disabled the rogue project, containing the attack within a limited timeframe. Despite the malicious file being live for several hours, the period where funds were siphoned was under two hours. Ledger released a confirmed secure software update and is actively assisting affected users. The company believes it has identified the hackers’ wallet. Ledger assured its six million hardware wallet users that this incident did not impact their devices.
Tal Be’ery, co-founder of crypto wallet Zengo, clarified that the hackers distributed a deceptive version of the software, aiming to deceive users into connecting their wallets to the malicious software.
