In a recent attack on Ledger's connector library, an attacker drained assets estimated at almost $484,000, according to blockchain analysis platform Lookonchain. Ledger has not officially confirmed that figure, though sources within the company say the losses could run into the hundreds of thousands of dollars.
On December 14, users on Twitter raised the alarm that a widely used Web3 connector library had been compromised. Because the malicious code shipped inside the library itself, every decentralized application (DApp) that loaded it served that code to its own users, so several protocols were affected at once.
Widespread Impact on DeFi Platforms
The incident rippled across decentralized finance (DeFi) platforms including Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash. Users on Twitter also speculated that the exposure might extend to other software that depends on, or is built in the same way as, LedgerHQ/connect-kit.
MetaMask, a popular wallet provider, confirmed that its users were not immune to the hack. It quickly shipped a fix and told users on version v2.121.0 that they could transact safely and would receive the update automatically. Users not yet on that version were urged to refresh their site data.
Ledger’s Response and User Caution
Approximately three hours after the breach, Ledger reported that the malicious file had been replaced with the authentic version at around 1:35 pm UTC. The company reminded users to always verify transactions by checking that the details shown on the Ledger device screen match what the computer or phone displays. The device screen is rendered by the wallet itself, so a DApp front end running injected code cannot alter it; any mismatch in recipient, amount or contract call should be rejected on the device.
In response to the incident, several protocols took preventive measures by disabling the compromised library. Tether, a prominent stablecoin issuer, went a step further and froze the exploiter's address, as confirmed by Paolo Ardoino.