Ledger Hack: Phishing Attack On Former Employee Leads To $484,000 Crypto Heist

by Murtuza Merchant, Benzinga Staff Writer
December 14, 2023 2:00 PM | 2 min read | Make a Comment
Zinger Key Points
  • The hacker transfers around 4.334 ETH to "AngelDrainer," accumulating assets worth approximately $484,000.
  • Tether freeze's the hacker's assets, demonstrating the crypto community's collaborative response to security threats.

Crypto hardware wallet provider Ledger was the target of a sophisticated hacking incident, which led to the theft of approximately $484,000 in assets. It was linked to a former Ledger employee who fell victim to a phishing attack.

The incident unfolded when the former employee's NPMJS account was compromised, allowing the attacker to publish malicious versions of the Ledger Connect Kit.

This compromised software utilized a rogue WalletConnect project to divert funds to a hacker-controlled wallet.

The malicious code was active for around five hours, but Ledger's technology and security teams responded, deploying a fix within 40 minutes of becoming aware of the breach, Ledger stated.

Despite the rapid response, it was believed the window for fund drainage was less than two hours.

Ledger since coordinated with WalletConnect to disable the rogue project and propagated the genuine and verified Ledger Connect Kit version 1.1.8, which was now considered safe for use.

To bolster security, the connect-kit development team on the NPM project was set to read-only mode, preventing direct pushes of the NPM package.

Also Read: Basel Committee Finalizes New Standards, Allows Central Banks To Hold Crypto In Reserves

Ledger also internally rotated the secrets to publish on its GitHub and developers were urged to ensure they were using the latest version, 1.1.8.

The severity of the attack was highlighted by the substantial amount stolen, with the hacker transferring approximately 4.334 ETH to an address known as "AngelDrainer," which currently holds assets worth around $363,000.

In response to this, Ledger, along with partners such as WalletConnect, reported the bad actor’s wallet address, now visible on Chainalysis.

Tether USDT/USD took action by freezing the bad actor’s assets, showcasing the collaborative efforts within the cryptocurrency community to address such security breaches.

The company reiterated the importance of using the Clear Sign feature on Ledger devices to ensure transaction authenticity and advised customers to wait 24 hours before using the Ledger Connect Kit again, as a precautionary measure.

Read Next: Cryptos Upbeat As Fed Maintains Status Quo — Solana, Avalanche And Dogecoin Rebound

Photo: Shutterstock

Market News and Data brought to you by Benzinga APIs

© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

Posted In: CryptocurrencyNewsLegalMarketsBlockchain TechnologyDigital WallethackhackerhackingLedgerPhishing attackWalletConnect
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!