Former Staffer Tied to $484K DeFi Heist via Ledger Exploit
- Connect Kit GitHub Library Puts $484,000 at Risk due to Hacker Activity
- About Ledger's Connect Kit
- The Incident and Ledger's Response
- Blockchain Security and Risks
- The Impact of the Hack
- MetaMask Responds
- Concerns Around Decentralized Applications
- Previous Security Issues with Ledger
Connect Kit GitHub Library Puts $484,000 at Risk due to Hacker Activity
Malicious code inserted into the Connect Kit GitHub library by hackers led to the theft of $484,000 last Thursday. The library, maintained by Ledger, a well-known crypto wallet company, is used by many major decentralized finance (DeFi) protocols. These protocols were significantly affected, and users were warned to refrain from using decentralized apps (dApps) until the protocols had been updated.
About Ledger's Connect Kit
Ledger's Connect Kit is a piece of front-end code that lets DeFi protocols interact with crypto hardware wallets. The exploit potentially affects the front-end of every protocol that uses the Connect Kit. Notable examples include Sushi, Lido, MetaMask, and Coinbase.
The Incident and Ledger's Response
In a post published last Thursday, Ledger acknowledged the incident, confirming that an employee had fallen victim to a phishing attack. The attacker then published a malicious version of the Ledger Connect Kit. A Ledger spokesperson said the company had identified and removed the malicious version, and the post added that the window during which funds were drained was limited to less than two hours.
Blockchain Security and Risks
Ido Ben-Natan, CEO of the blockchain security company Blockaid, said in a Telegram message that many websites were still affected and users were still getting hit. Full mitigation requires every protocol using Ledger's Connect Kit to manually update its library version. In the meantime, several protocols remain at risk, notably revoke.cash, a service used to remove permissions granted to DeFi protocols.
The Impact of the Hack
DeFi-related hacks have been a recurring issue this year, with $303 million stolen in July alone through vulnerabilities in Curve Finance and Multichain. Users frequently turn to websites such as revoke.cash to remove permissions from affected protocols after such incidents. In this case, however, it is the front-ends of websites, rather than hot wallets, that have been compromised. As a result, revoke.cash users would be prompted to connect their wallets to a malicious token drainer, extending the hack's reach to everything held in a user's wallet.
MetaMask Responds
MetaMask announced that it had implemented a fix removing the malicious code two hours after the hack occurred.
Concerns Around Decentralized Applications
The nature of this exploit highlights the fragility of decentralized applications. Because different protocols use code from various software providers such as Ledger, multiple points of failure exist along the supply chain, any of which can ultimately affect users.
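The mitigation described above (each protocol manually updating its library version) and the supply-chain concern raised here both come down to controlling which release of a third-party front-end library a dApp actually ships. The following is an added illustration, not code from Ledger or any affected project: a small audit that flags floating version ranges in a package manifest and lockfile entries without a pinned version or integrity hash. All package names, versions and the integrity value are constructed placeholders.

```javascript
// Added example (not Ledger's code): audit a front-end's dependencies for
// floating version ranges and weak lockfile entries. All names, versions and
// manifests below are constructed placeholders, not real packages.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// A range is treated as pinned only if it is an exact semver version.
function isPinned(range) {
  return EXACT_VERSION.test(String(range).trim());
}

// Dependencies whose range would let a newer release install without any
// change to the manifest under review.
function findFloatingDeps(manifest) {
  const floating = [];
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, range] of Object.entries(manifest[section] || {})) {
      if (!isPinned(range)) floating.push({ name, range, section });
    }
  }
  return floating;
}

// Cross-check a package-lock.json (v2/v3 "packages" layout): each dependency
// must be present, resolve to the pinned version and carry a sha512 integrity.
function checkLock(manifest, lock) {
  const problems = [];
  for (const [name, range] of Object.entries(manifest.dependencies || {})) {
    const entry = (lock.packages || {})[`node_modules/${name}`];
    if (!entry) { problems.push(`${name}: missing from lockfile`); continue; }
    if (isPinned(range) && entry.version !== range) {
      problems.push(`${name}: manifest pins ${range}, lock resolves ${entry.version}`);
    }
    if (!entry.integrity || !entry.integrity.startsWith('sha512-')) {
      problems.push(`${name}: lock entry has no sha512 integrity hash`);
    }
  }
  return problems;
}

// Constructed sample inputs (placeholder names, versions and hash).
const sampleManifest = { dependencies: {
  '@example/wallet-connect-kit': '^1.1.0', // floating: any 1.x may be installed
  '@example/chain-sdk': '2.0.1',           // pinned
} };
const sampleLock = { packages: {
  'node_modules/@example/wallet-connect-kit': { version: '1.1.4', integrity: 'sha512-PLACEHOLDER' },
  'node_modules/@example/chain-sdk': { version: '2.0.1' }, // no integrity field
} };
console.log(findFloatingDeps(sampleManifest), checkLock(sampleManifest, sampleLock));
```

Pinning and integrity checks only cover what the package manager installs at build time; any code a library fetches at runtime has to be reviewed separately.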
Previous Security Issues with Ledger
In 2020, Ledger suffered a security incident in which its entire customer database was leaked, raising concerns about possible SIM-swapping and home-invasion attacks. The company also faced controversy recently when a software update revealed discrepancies between the security of its hardware and its marketing to users.