Haider Jamal

Dec 15, 2023

Ledger Suffers Supply Chain Attack Leading To Huge Losses

In a notable security incident, unidentified malicious actors targeted Ledger, a widely-used hardware wallet provider, with the intention of exploiting their LedgerConnect kit. The attack was initially reported by Blockaid, a platform dedicated to safeguarding Web3 users. Over $480,000 worth of assets were reportedly pilfered before Ledger rectified the vulnerability.

Another hack

The assault, focused on Ledger Connector, took place on December 14th. The attackers successfully inserted a wallet-draining payload into the NPM package. Once the payload spread, assailants took control of the front end of various applications, such as Sushi, Hey, and Zapper, causing disruptions and allegedly absconding with assets valued in the hundreds of thousands of dollars.

The attack did not target any particular decentralized application or blockchain, such as Solana or Ethereum. Rather, the hackers sought to exploit all protocols whose users relied on the LedgerConnect kit for asset management or transfers. To understand how the hack was executed, note that the hackers directed their efforts specifically at the Ledger NPM package. This connector plays a crucial role in letting Ledger wallet clients, which are typically off-chain, securely connect online and manage their assets.

Time for damage control

The NPM package, in addition to providing a gateway to wallets, also serves as an interface through which developers can integrate Ledger hardware wallets into applications, enabling Ledger users to securely participate in NFTs, DeFi, and other activities. Because this attack aimed at exploiting a vital piece of Ledger infrastructure capable of affecting all protocols irrespective of blockchain, analysts now categorize it as a supply chain attack. In DeFi protocol supply chain attacks, hackers target trusted service providers, primarily wallet providers or exchanges, to pilfer funds.

Responding to the incident, Ledger acknowledged that a script infected with malware was uploaded to the NPM registry at 9:44 AM UTC. Ledger stated that it deleted the malicious file and replaced it with a genuine version approximately four hours after the malicious upload, around 1:35 PM UTC.
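
Added example, not from Ledger or the original article: a Node.js check that uses the upload window reported above (assumed to be 14 December 2023, 09:44 to 13:35 UTC) to flag registry versions published during it and any lockfile entries pinned to them. The package name `example-connect-kit`, its versions and the lockfile contents are constructed placeholders.

```javascript
// Added example. Package name, versions and lockfile below are constructed placeholders.
// Window reported in the article, assuming 14 December 2023 (times are approximate).
const WINDOW_START = Date.parse("2023-12-14T09:44:00Z"); // malicious upload
const WINDOW_END = Date.parse("2023-12-14T13:35:00Z"); // genuine version restored

// Shape of npm registry metadata: `time` maps each version to its publish timestamp.
const SAMPLE_PACKUMENT = {
  name: "example-connect-kit",
  time: {
    created: "2023-01-10T08:00:00Z",
    modified: "2023-12-14T13:40:00Z",
    "1.0.4": "2023-11-02T10:15:00Z",
    "1.0.5": "2023-12-14T09:44:30Z",
    "1.0.6": "2023-12-14T11:02:00Z",
    "1.0.7": "2023-12-14T13:36:10Z",
  },
};

// Shape of package-lock.json (lockfileVersion 2 or 3): install path -> pinned version.
const SAMPLE_LOCKFILE = {
  packages: {
    "": { name: "constructed-dapp" },
    "node_modules/example-connect-kit": { version: "1.0.6" },
    "node_modules/some-wallet-ui/node_modules/example-connect-kit": { version: "1.0.4" },
    "node_modules/unrelated-dep": { version: "1.3.0" },
  },
};

// Versions published inside [start, end); "created"/"modified" are not versions.
function versionsPublishedInWindow(packument, start = WINDOW_START, end = WINDOW_END) {
  return Object.entries(packument.time || {})
    .filter(([key]) => key !== "created" && key !== "modified")
    .filter(([, ts]) => Date.parse(ts) >= start && Date.parse(ts) < end)
    .map(([version]) => version);
}

// Every top-level or nested copy of the package that is pinned to a flagged version.
function exposedCopies(lockfile, packument) {
  const flagged = new Set(versionsPublishedInWindow(packument));
  const suffix = "node_modules/" + packument.name;
  return Object.entries(lockfile.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => flagged.has(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

console.log(versionsPublishedInWindow(SAMPLE_PACKUMENT), exposedCopies(SAMPLE_LOCKFILE, SAMPLE_PACKUMENT));
```

A version published inside the window is a candidate for review, not proof of compromise.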
