Crypto Gloom

Hackers stole $484,000 in Ledger supply chain attack; Tether intervenes by freezing funds

A recent supply chain attack targeted Ledger, a leading cryptocurrency wallet provider, compromising its front-end services through the introduction of malware. The breach resulted in the loss of hundreds of thousands of dollars' worth of cryptocurrency assets, affecting a variety of decentralized protocols and their users.

Hackers stole approximately $484,000 from Ledger.

Hackers stole $484,000 by inserting malicious code into the GitHub library of Connect Kit, a popular piece of blockchain software maintained by cryptocurrency wallet company Ledger. The intrusion affected a number of major decentralized finance (DeFi) protocols that depend on the library. Users are being warned to refrain from using decentralized apps (dApps) until those systems receive updates.

The interfaces of several dApps that use Ledger's connectors, including Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, were compromised. About three hours after the incident was detected, Ledger announced that the compromised version of the file had been replaced with the genuine version at approximately 1:35 PM UTC.

By the time Ledger responded, the hackers had already made off with over $484,000 worth of cryptocurrency, as reported by Lookonchain. The perpetrator sent 4.334 ETH to Angel Drainer, which currently holds approximately $363,000 in cryptocurrency assets. Meanwhile, Tether froze the account's ability to transfer $44,000 in USDT, leaving about $412,000 in stETH, USDC, and other digital assets.

The breach also affected MetaMask users. The wallet provider has shipped a corrective update to its platform and announced that users on the latest version, v2.121.0, can transact as normal and will receive updates automatically. MetaMask advises users who are not yet on this version to refresh their site data to ensure safety and functionality.

Users are still at risk

Although Ledger has updated its code, "many websites remain vulnerable and users continue to face risk," said Ido Ben-Natan, CEO of blockchain security firm Blockaid. To eliminate the risk entirely, every protocol that uses Ledger's Connect Kit will need to manually update its library version. In the meantime, certain protocols, such as revoke.cash, which is used to revoke permissions granted to DeFi protocols, remain exposed.
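One concrete way for a dApp team to carry out the "manually update their library versions" step is to audit the project's lockfile for every installed copy of the dependency, including copies pulled in transitively. The Node.js script below is an added example, not code from the article or from Ledger; the package name `@ledgerhq/connect-kit`, the sample lockfile and the known-good version list are assumptions (take the real list from the vendor's advisory).

```javascript
// Added example: audit a package-lock.json for every installed copy of a
// dependency and flag versions that are not on a known-good list. The package
// name, sample lockfile and KNOWN_GOOD list are placeholders, not values from the article.

// Walk the lockfile v2/v3 "packages" map, or the lockfile v1 "dependencies"
// tree, returning every installed (path, version) pair for the named package.
function findPackageVersions(lock, pkgName) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${pkgName}` || path.endsWith(`/node_modules/${pkgName}`)) {
      found.push({ path, version: meta.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === pkgName) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`); // nested copies live under their parent
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return found;
}

// Mark each installed copy as ok (on the known-good list) or flagged.
function auditLock(lock, pkgName, knownGood) {
  const good = new Set(knownGood);
  return findPackageVersions(lock, pkgName).map((f) => ({ ...f, ok: good.has(f.version) }));
}

// Constructed sample lockfile (v3 layout): one direct copy of the package and
// one nested copy pulled in transitively by another dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp", version: "1.0.0" },
    "node_modules/@ledgerhq/connect-kit": { version: "9.9.9" }, // placeholder version
    "node_modules/some-wallet-sdk": { version: "2.0.0" },
    "node_modules/some-wallet-sdk/node_modules/@ledgerhq/connect-kit": { version: "1.0.0" },
  },
};
const KNOWN_GOOD = ["1.0.0"]; // placeholder list; use the vendor's advisory

// Print one line per installed copy; the nested copy is the one teams usually miss.
for (const f of auditLock(SAMPLE_LOCK, "@ledgerhq/connect-kit", KNOWN_GOOD)) {
  console.log(`${f.ok ? "OK  " : "FLAG"} ${f.path} ${f.version}`);
}
```

To audit a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.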

“Revoke.cash in particular is vulnerable and we do not recommend using it,” Ben-Natan said. “Hundreds of thousands of dollars in damage have occurred in the last two hours alone.”

DeFi-related hacks have been frequent this year, with exploits targeting Curve Finance and Multichain resulting in a massive $300 million stolen in July alone. When these security breaches occur, users often turn to websites like revoke.cash to revoke permissions for the affected protocols.

In this case, the impact was on the website's front end rather than on any hot wallet. As a result, revoke.cash users were prompted to connect their wallets to a malicious token drainer, which expands the potential scope of the hack to every asset in the user's wallet.