Recent events have brought to light the Ledger supply chain breach, a cybercrime incident that led to the theft of $600,000 in virtual assets.
For those who don't know, Ledger is a company that develops hardware and software-based cryptocurrency wallets.
Recent reports state that the breach resulted from a former employee falling for a phishing attack.
In this article, we'll dive into the details of the Ledger breach and cryptocurrency theft to see what actually happened.
Although the threat actors have not been identified, the reports confirm that a malicious version of the Ledger Connect Kit was used to carry out the breach.
The Connect Kit is a library used to connect third-party decentralized applications (dApps) to Ledger wallets.
After the former employee fell victim to the phishing ploy, the attackers gained access to Ledger's NPM account and published three malicious versions of the package: 1.1.5, 1.1.6 and 1.1.7.
That let them push a crypto drainer into every application that pulled in the module as a dependency, turning a single compromised publishing account into a full-scale supply chain attack.
As per the Ledger chairman's letter, published on the website, the cryptocurrency wallet security breach was live for five hours.
Funds drained from victims' wallets were transferred to a wallet controlled by the threat actor.
Ledger's security teams were alerted, and a fix was deployed within 40 minutes of the team becoming aware of the issue.
Ledger was also able to reach WalletConnect, which disabled the rogue project the drainer relied on.
It's worth noting that the monetary impact would have been significantly higher had the fund transfers continued for the full five hours the malicious code was live.
As per the official statement, the verified Ledger Connect Kit version 1.1.8 is safe to use.
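A practical follow-up to the version numbers above (the three compromised releases and the verified 1.1.8) is to check what a project actually installed. The script below is an added example, not code from the article or from Ledger; it assumes the package is published on npm as @ledgerhq/connect-kit and walks a package-lock.json (v1 nested "dependencies" or v2/v3 flat "packages") to report every installed copy and flag the compromised versions. The lockfile embedded in it is constructed for illustration.

```javascript
// Added example: audit an npm lockfile for the compromised Ledger Connect Kit
// releases (1.1.5, 1.1.6, 1.1.7). Assumes the npm package name is
// @ledgerhq/connect-kit. SAMPLE_LOCK below is constructed, not a real project.

const PACKAGE = '@ledgerhq/connect-kit';
const COMPROMISED = new Set(['1.1.5', '1.1.6', '1.1.7']);
const VERIFIED_SAFE = '1.1.8'; // the release the statement calls safe to use

// Return every installed copy of PACKAGE as { path, version }.
// Lockfile v2/v3 lists packages flat, keyed by install path; v1 nests them.
function findConnectKit(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + PACKAGE)) {
        found.push({ path, version: entry.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + name;
      if (name === PACKAGE) found.push({ path, version: entry.version });
      if (entry.dependencies) walk(entry.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Classify each copy: 'compromised', 'safe' (1.1.8), or 'other' (any other
// version; check it against Ledger's advisory rather than assuming it is clean).
function auditLockfile(lock) {
  return findConnectKit(lock).map((hit) => ({
    ...hit,
    status: COMPROMISED.has(hit.version) ? 'compromised'
      : hit.version === VERIFIED_SAFE ? 'safe'
      : 'other',
  }));
}

function hasCompromised(lock) {
  return auditLockfile(lock).some((r) => r.status === 'compromised');
}

// Constructed v3 lockfile: a direct dependency resolved to 1.1.7 (a caret
// range would have accepted the malicious patch release at install time)
// and a nested copy under a wallet UI library resolved to 1.1.8.
const SAMPLE_LOCK = {
  name: 'example-dapp',
  lockfileVersion: 3,
  packages: {
    '': {
      name: 'example-dapp',
      dependencies: { '@ledgerhq/connect-kit': '^1.1.0', 'some-wallet-ui': '2.0.0' },
    },
    'node_modules/@ledgerhq/connect-kit': { version: '1.1.7' },
    'node_modules/some-wallet-ui': {
      version: '2.0.0',
      dependencies: { '@ledgerhq/connect-kit': '1.1.8' },
    },
    'node_modules/some-wallet-ui/node_modules/@ledgerhq/connect-kit': { version: '1.1.8' },
  },
};

// CLI: `node audit-connect-kit.js path/to/package-lock.json`; with no
// argument the embedded sample is audited. Exit status 1 on a real hit.
if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require('fs').readFileSync(file, 'utf8')) : SAMPLE_LOCK;
  for (const r of auditLockfile(lock)) {
    console.log(`${r.status.padEnd(11)} ${r.version}  ${r.path}`);
  }
  if (file) process.exitCode = hasCompromised(lock) ? 1 : 0;
}
```

A lockfile only records what `npm install` resolved at the time it was written; a caret range such as `^1.1.0` in package.json means a fresh install during the five-hour window would have resolved to the newest malicious patch release without any change to the project's source, which is why the check is worth running against the lockfile actually deployed rather than against package.json alone.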
Ledger, together with WalletConnect and other partners, has reported the threat actor's wallet address.
The team believes the stolen funds were transferred to the address published with Ledger's statement.
Ledger is also pursuing legal action.
The consequences and monetary impact of the Ledger breach are a stark reminder that securing the software supply chain is part of securing cryptocurrency assets.
The Ledger supply chain breach began with a phishing email and escalated within hours into a widely reported compromise.
Ledger was quick to identify the malicious activity and deploy the necessary fixes to contain the damages.
This Cyber News was published on securityboulevard.com. Publication date: Tue, 26 Dec 2023 07:43:04 +0000