Threat actors responsible for attacking Ledger's connector library have stolen assets valued at approximately $484,000.
The figure was reported by the blockchain analysis platform Lookonchain.
Ledger has said that the security breach might have a large effect, possibly totalling hundreds of thousands of dollars, although it has yet to confirm the actual valuation.
Direct Impact of the Hack
According to a report by Cryptopolitan, the breach happened when malicious code was added to Ledger's GitHub repository for Connect Kit, an essential component that several DeFi protocols require in order to communicate with hardware wallets for cryptocurrencies.
Every application that used the Connect Kit had issues with its front end due to the malicious code.
Notable protocols affected by this security flaw were Sushi, Lido, MetaMask, and Coinbase.
Regarding the incident, Ledger said that one of its employees had fallen victim to a phishing attack, which resulted in the unauthorized leak of a compromised version of the Ledger Connect Kit.
The leaked code revealed the name and email address of the former employee.
The cryptocurrency community at first believed that the developer was behind the exploit.
Ledger subsequently stated that the incident was the consequence of a former employee falling for a phishing scheme.
Ledger, after acknowledging the incident, identified and removed the exploited version of the software.
Despite the swift response, the damage was already done: the software was left vulnerable for at least two hours, during which the threat actors drained the funds.
Broader Implications for the DeFi Community
This incident has raised major concerns regarding the security infrastructure of decentralized applications.
DeFi protocols frequently rely on code from multiple software providers, including Ledger, which leaves them vulnerable to multiple potential points of failure.
The incident has further highlighted the importance of strengthening security protocols across the DeFi ecosystem.
The victims who were directly affected by the attack included users of services such as revoke.
The service, normally used to withdraw permissions from DeFi protocols following security breaches, was compromised.
Users who were trying to protect their assets were unintentionally sent to a fraudulent token drainer, which increased the extent of the theft.
This Cyber News was published on www.cysecurity.news. Publication date: Sun, 17 Dec 2023 15:43:05 +0000