crypto wallet Ledger

Ledger, a popular crypto hardware wallet maker, has released a new version of its npm module following a phishing attack that resulted in the theft of over $600,000 worth of virtual assets. The attack was carried out by hackers who gained access to Ledger’s npm account after a former employee fell victim to a phishing attack.

The hackers uploaded three malicious versions of the npm module, 1.1.5, 1.1.6, and 1.1.7, which contained crypto drainer malware. The module is what allows DApps (decentralized applications) to connect to Ledger’s hardware wallets. Version 1.1.7 carried an embedded wallet-draining payload, while versions 1.1.5 and 1.1.6 downloaded a secondary npm package that acted as a crypto drainer.

The malicious code utilized a rogue WalletConnect project to reroute funds to a hacker wallet. Users were presented with a fake prompt to connect their wallets, which led to the draining of funds from connected wallets. The compromised module was live for around five hours, with the active exploitation window lasting less than two hours.

Immediate Response and Lessons Learned

In response to the attack, Ledger removed the malicious versions from npm and released version 1.1.8 to address the issue. The stolen funds have been frozen by Tether, a stablecoin issuer. Ledger is actively working with affected customers and believes it has identified the hackers’ wallet.

This incident highlights the targeting of open-source ecosystems and the use of supply chain attacks in the cryptocurrency space. Hackers are increasingly exploiting vulnerabilities in the software supply chain to distribute malware. It is crucial for companies and users in the crypto industry to remain vigilant and implement robust security measures to prevent such attacks.

Ledger has warned its users to be cautious and avoid interacting with decentralized apps until the situation is fully resolved. The theft of funds through supply chain attacks is a persistent threat in the crypto industry, and users must exercise caution and verify the integrity of the software they are using.
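For DApp developers, one concrete integrity check is to audit the project's lockfile for the three malicious releases. The sketch below is an added example, not code from Ledger or from the original article; the package name is a placeholder because the article does not name the module, and the sample lockfile is constructed.

```javascript
// PACKAGE is a placeholder (assumption): substitute the affected module's real name.
const PACKAGE = "@example/affected-module";
const BAD_VERSIONS = new Set(["1.1.5", "1.1.6", "1.1.7"]); // malicious releases per the article
const FIXED_VERSION = "1.1.8"; // clean release per the article

// Return [{path, version}] for every installed copy pinned to a malicious release.
function findCompromised(lock, name = PACKAGE) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const installed = meta.name || path.split("node_modules/").pop();
    if (installed === name && BAD_VERSIONS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${dep}`;
      if (dep === name && BAD_VERSIONS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  // Walk the v1 tree only when no v2/v3 map exists, to avoid double counting.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not real data): a clean direct copy, a malicious
// transitive copy, and an unrelated package that happens to share a version number.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "0.0.1" },
    "node_modules/@example/affected-module": { version: "1.1.8" },
    "node_modules/some-ui-kit/node_modules/@example/affected-module": { version: "1.1.6" },
    "node_modules/left-alone": { version: "1.1.7" },
  },
};

for (const hit of findCompromised(sampleLock)) {
  console.log(`COMPROMISED ${PACKAGE}@${hit.version} at ${hit.path}; upgrade to ${FIXED_VERSION}`);
}
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `findCompromised` instead of `sampleLock`. Transitive copies matter here: the malicious version in the sample is pulled in by another dependency, not declared directly.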

This phishing attack on Ledger’s npm module has resulted in a significant financial loss, highlighting the importance of stringent security measures and constant vigilance in the ever-evolving crypto landscape.

By Joane
