Former Staffer Tied to $484K DeFi Heist via Ledger Exploit

Jonathan Stoker Dec 14, 2023, 18:25pm

Connect Kit GitHub Library Puts $484,000 at Risk due to Hacker Activity

Malicious code injected into the Connect Kit GitHub library by hackers led to the theft of $484,000 last Thursday. The blockchain software, maintained by Ledger, a renowned crypto wallet company, is used by numerous major decentralized finance (DeFi) protocols. These protocols have been significantly affected, and users have been warned to refrain from using decentralized apps (dApps) until the protocols are updated.

About Ledger's Connect Kit

The Connect Kit offered by Ledger is a piece of code that lets DeFi protocols interact with crypto hardware wallets. The exploit potentially affects the front-end of every protocol that uses the Connect Kit. Notable examples include Sushi, Lido, MetaMask, and Coinbase.

The Incident and Ledger's Response

In a post published last Thursday, Ledger acknowledged the incident, confirming that an employee had fallen victim to a phishing attack. The attacker then published a malicious version of the Ledger Connect Kit. A spokesperson for Ledger stated that the company had identified and removed the malicious version of the Ledger Connect Kit, and the post added that the window during which funds were drained was limited to less than two hours.

Blockchain Security and Risks

Ido Ben-Natan, the CEO of Blockaid, a blockchain security company, stated in a Telegram message that many websites are still affected and users are getting hit. Complete risk mitigation requires every protocol that uses Ledger's Connect Kit to manually update its library version. In the meantime, several protocols, most notably revoke.cash, a service used to remove permissions from DeFi protocols, continue to be at risk.
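Because the fix depends on each protocol updating the library it ships in its front-end, a front-end team needs a quick way to confirm what version of a dependency their build actually resolves to, and whether the lockfile pins it with an integrity hash. The following is an added example written for this article, not code from Ledger, Blockaid or any affected protocol. It audits an npm-style lockfile (lockfile v2/v3 shape, where entries live under `packages`) for one dependency. The lockfile contents, the package name `@example/connect-kit`, the registry URL and the hash value are all constructed placeholders; the "known-good" version is whatever version the team has verified as clean.

```javascript
// Added example: audit a package-lock.json for a single dependency.
// Reports whether the root manifest pins an exact version, whether the
// lockfile records an integrity hash, and whether the resolved version
// matches the version the team has verified as clean.
// All package names, URLs, versions and hashes below are constructed placeholders.

const constructedLock = {
  name: "example-dapp-frontend",
  lockfileVersion: 3,
  packages: {
    "": {
      // A caret range means a fresh install may silently pull a newer release.
      dependencies: { "@example/connect-kit": "^1.1.0" }
    },
    "node_modules/@example/connect-kit": {
      version: "1.1.4",
      resolved: "https://registry.example.invalid/@example/connect-kit/-/connect-kit-1.1.4.tgz",
      integrity: "sha512-CONSTRUCTED_PLACEHOLDER_HASH=="
    }
  }
};

const EXACT_VERSION = /^\d+\.\d+\.\d+$/;

// Returns { name, spec, resolvedVersion, integrity, findings, ok }.
// findings is empty (and ok is true) only when the dependency is pinned exactly,
// has an integrity hash, and resolves to knownGoodVersion.
function auditDependency(lock, name, knownGoodVersion) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const spec =
    (root.dependencies || {})[name] ||
    (root.devDependencies || {})[name] ||
    null;
  const entry = packages["node_modules/" + name] || null;
  const findings = [];

  if (!spec) {
    findings.push("not a direct dependency of the root manifest");
  } else if (!EXACT_VERSION.test(spec)) {
    findings.push(`manifest uses range "${spec}" rather than an exact version`);
  }

  if (!entry) {
    findings.push("no resolved entry in lockfile");
    return { name, spec, resolvedVersion: null, integrity: null, findings, ok: false };
  }

  if (!entry.integrity) {
    findings.push("lockfile entry has no integrity hash");
  }
  if (entry.version !== knownGoodVersion) {
    findings.push(`resolved ${entry.version} but known-good version is ${knownGoodVersion}`);
  }

  return {
    name,
    spec,
    resolvedVersion: entry.version,
    integrity: entry.integrity || null,
    findings,
    ok: findings.length === 0
  };
}

// Stand-alone run: in a real project, replace constructedLock with
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")).
console.log(JSON.stringify(auditDependency(constructedLock, "@example/connect-kit", "1.1.5"), null, 2));
```

Run against a real lockfile, a non-empty `findings` array is the signal to act: either the resolved version is not the one the team vetted, or the manifest allows a range that a future install could widen. The check is deliberately read-only; it tells the team what their build would ship, and the update itself still has to be made and re-verified by hand.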

The Impact of the Hack

DeFi-related hacks have been a recurring issue this year, with $303 million stolen in July alone due to vulnerabilities in Curve Finance and Multichain. Users frequently turn to websites such as revoke.cash to remove permissions from affected protocols after such hacking incidents. In this particular case, however, it is the front-end of websites, rather than hot wallets, that has been compromised. As a result, revoke.cash users would be prompted to connect their wallets to a malicious token drainer, expanding the hack's reach to everything held in a user's wallet.

MetaMask Responds

MetaMask announced that it had successfully deployed a fix to eliminate the malicious code two hours after the hack occurred.

Concerns Around Decentralized Applications

The nature of this exploit draws attention to the fragility of decentralized applications. Because different protocols pull in code from various software providers such as Ledger, multiple points of failure exist along the supply chain, any one of which can ultimately impact users.

Previous Security Issues with Ledger

In 2020, Ledger suffered a security incident in which its entire customer database was leaked. This raised concerns about possible SIM swapping and home invasion attacks. The company also faced controversy recently when a software update revealed discrepancies between the security of its hardware and how it had been marketed to users.

Edited by Jonathan Stoker
