Angel Drainer, the tool used in the Ledger hack, has been leveraging smart contracts to modify static file domains since late November.
Angel Drainer is malware that specializes in draining cryptocurrency assets from wallets. According to Etherscan data, the tool has been used since last month to update five static file domains, allowing unauthorized access to crypto assets by redirecting users to compromised versions of software or web pages.
Yesterday’s Ledger Connect Kit hack resulted in losses ranging from approximately $484,000 to over $600,000. Although funds were exfiltrated for less than two hours, the malicious file remained active for approximately five hours. Ledger released genuine software updates immediately after replacing the malicious files and actively communicated with affected customers.

Using Angel Drainer in this way highlights the growing sophistication of cyberattacks targeting cryptocurrency wallet providers.