The attacker stole at least $484,000
The hacker behind the attack on Ledger's Connect Kit library stole nearly $484,000 in assets, blockchain analytics platform Lookonchain reported. Ledger has not yet confirmed the figures, but the impact of the security breach could be in the hundreds of thousands, according to the company.
Users on Twitter reported the incident on December 14, claiming that the popular Web3 connector was compromised, allowing malicious code to be injected into several decentralized applications (DApps).
Protocols affected by the incident include Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, but the damage may be even greater. According to some users on X, the vulnerability could be caused by other similar programs like LedgerHQ/connect-kit.
According to MetaMask, the hack also affects its users. The wallet provider has rolled out a fix for its platform with the latest version v2.121.0, which allows users to “re-transact and update automatically”. Please refresh your site data if you are not on this version.
Most of the tweets about Ledger are wrong.
Here's what you need to know.
All active Ethereum wallets are at risk.
Do not connect any ethereum/evm wallets to any apps until further notice
It doesn't matter if it is a Ledger or not
If you don't use your wallet today, you're fine
— Udi Wertheimer (@udiWertheimer) December 14, 2023
Three hours after the incident, Ledger reported that the malicious version of the file was replaced by the genuine version around 1:35 pm UTC. The company is warning users to “always Clear Sign” transactions and says the addresses and information shown on the Ledger device screen are the only genuine information.
“If there is a discrepancy between the screen displayed on your Ledger device and your computer/phone screen, stop the transaction immediately.”
We have identified and removed a malicious version of Ledger Connect Kit.
Now a genuine version is being pushed to replace the malicious file. Do not connect to any dApps for now. We will keep you updated as the situation improves.
Your Ledger device and…
— Ledger (@Ledger) December 14, 2023
Since the incident, several protocols have disabled the library. Stablecoin issuer Tether blocked the exploiter's address, according to Paolo Ardoino.
Tether just stopped using the Ledger address
— Paolo Ardoino (@paoloardoino) December 14, 2023
This is a developing story, and more information will be added as it becomes available.