Ledger reports a former employee fell victim to a phishing attack
Ledger said in an email to Blockworks that an ex-employee “fell victim to a phishing attack that gained access to their NPMJS account,” which led to today’s attack on the crypto hardware business.
After that, Ledger updated ConnectKit with the new code. Ledger reportedly applied a fix within forty minutes of being notified, although the malicious code remained active for five hours.
Early Thursday, researchers discovered malicious code in the ConnectKit libraries of Ledger’s software. ConnectKit lets users link a Ledger device to blockchain applications.
WalletConnect can disable the “rogue project”. Tether CEO Paolo Ardoino said his team had frozen the Ledger exploiter address, and Chainalysis had already disclosed it.
Ledger informed Blockworks that it is assisting affected consumers and law enforcement authorities in identifying and apprehending the perpetrator.
FINAL TIMELINE AND UPDATE TO CUSTOMERS:
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline of what we know about…
— Ledger (@Ledger) December 14, 2023
Both Revoke.cash and SushiSwap took down their front-end web apps after the attack. As Blockworks has already reported, the attack did affect Revoke.cash. SushiSwap cautioned users not to interact with the Sushi page.
Ledger had earlier announced that it had successfully replaced the malicious file with a legitimate one, in response to the widespread warnings on social media.
Keep in mind that the addresses and information seen on your Ledger screen are the only authentic ones. “At the same time, we would like to remind the community to always clear-sign your transactions,” Ledger stated.
The hardware company went on to say that if the display on a computer or phone doesn’t match the one on a Ledger device, users should “immediately” halt the transaction.