The attacker invested at least $484,000

The attacker invested at least $484,000



The hacker behind the attack on Ledger Link Library stole nearly $484,000 in assets, blockchain analytics platform Lookonchain reported. Ledger has not confirmed the figures yet, but the impact of the security breach could be in the hundreds of thousands, according to the company.

Users on Twitter reported the incident on December 14, claiming that the popular Web3 connector was compromised, allowing malicious code to be injected into several decentralized applications (DApps).

Protocols affected by the incident include Zapper, SushiSwap, Phantom, Balance, and Revoke.cash, but the damage may be even greater. According to some users on X, the vulnerability could be caused by other similar programs like LedgerHQ/connect-kit.

According to MetaMask, the hack also affects its users. The wallet provider has rolled out a fix for its platform with the latest version v2.121.0, which allows users to “re-transact and update automatically”. Please refresh your site data if you are not on this version.

okex

Three hours after the incident, Ledger reported that the malicious version of the file was replaced by the genuine version around 1:35 pm UTC. The company is warning users to “always clear the sign” and says the addresses and information provided on the mail screen are only accurate information.

“If there is a discrepancy between the screen displayed on your Ledger device and your computer/phone screen, stop the transaction immediately.”

Since the event, several protocols have disabled the library. Stablecoin issuer Tether blocked the exploiter's address, according to Paolo Arduino.

This is a developing story, and more information will be added as it becomes available.

Leave a Reply

Pin It on Pinterest