How Ledger Connect Hack Forced Users to Approve Malicious Transactions

A recent report from the leading crypto manufacturer in Paris Ledger confirmed that hackers had launched a malicious attack. The incident was reported by a former employee who fell into the hacker’s trap after he clicked a phishing link.

A review of the report from the probing team demonstrated that shortly after the employee clicked the phishing link, the attackers leveraged their expertise to access the employee’s NPMJS account. In this programmable account, the Ledger team stores confedential data including staff’s information.

Hackers Exploit Ledger Connect Kit

The December 14 hacking incident attracted the attention of intelligence and security firms. A report from Cyvers demonstrated that, besides the employee, the attackers tricked the Ledger users into approving some susceptible transactions on the compromised Connect Kit version.

The Cyvers team noted that the hackers drained $ 484,000 from the Ledger users who fell on their traps by unknowingly approving the transaction. 

Elsewhere, the GitHub team observed that after the hackers had gained access to Connect Kit, they updated the platform using a malicious link. The Github team noted that the Connect Kit was used to store packages for Web3 apps. 

After the attackers updated the Connect Kit, some of the Web3 applications on the platform were automatically updated to new version. These updates on the Connect Kit issued new codes to the user browsers that compromised some of the Web3 applications, such as Zapper, Phantom, Balancer, and Revoke. Cash.

Hackers Trick Ledger Users to Approve Transactions

With the changes in the crypto sector, developers have lately migrated to advanced packages that require less coding when creating decentralized applications.  Under the NPMJS account, which is JavaScript Programming Language enabled, the developer is offered an exclusive package to create new projects.The multiple benefits of the NPMJS platform have forced developers to take advantage of these accounts to build cutting-edge decentralized applications. 

However, the NPMJS has recently been targeted by the exploiters to undermine the developer’s work. A recent report demonstrated that after compromising the NPMJS accounts, they introduced a malicious attack in the Ledgers Connect Kit. This development exposed the users of the Connect Kit program to the risk of financial losses.

 From the Ledger incident, the probing noted that the bad players gained control of the program and redirected the customer’s funds to their wallets after the hacking incident. They observed that the Ledger hacking incident affected Connect Kit versions 1.1.5, 1.1.6, and 1.1.7, respectively. This forced the Ledger team to take preventive measures and remove the affected Ledger NPM pages from the Connect Kit. 

A statement from the Ledger team demonstrated that immediately after the discovery of the phishing attack, the security team took strategic action to fix the problem. The company admitted that the malicious file had been available for 5 hours. Still, the security experts managed to block the window that the attackers drained the funds from after 2 hours of the incident.

Crypto Community Criticizes Ledger Developer for Inappropriate Conduct

After an intense security assessment, the Ledger team introduced Connect Kit version 1.18 to update the existing wallets. In addition, the crypto manufacturer urged the users to avoid using the decentralized application to allow the security team to fix the technical challenge.

 The Ledger report demonstrated that normalcy will resume after 24 hours, and the company will regularly update the users on the progress to fix the technical hitch. The Ledger team explained that connecting to the decentralized application will expose the user to the inherent risk of losing confidential data and financial losses.

In a subsequent report, a spokesperson from Ledger confirmed that the security team managed to remove the malicious version of the Connect Kit. He stated that the technical team was working on developing a new understanding to replace the compromised version of the Connect Kit. 

The spokesperson advised the Ledger team to avoid interacting with the dApp at the moment. He added that the security team noted that the attack had minimal impact on the Ledger tools and the Ledger Live application. 

Market critics described the Ledger hacking incident as unacceptable behavior. The X user argued that the crypto sector is ultimately doomed if a developer could click on a phishing link. The Ledger incident created fear among the crypto community, who criticized the Ledger developers for exposing the investors to risks.

Leave a Reply

Your email address will not be published. Required fields are marked *