Ledger Connect Kit Hackers Stole $484,000 By Exploiting Vulnerabilities

Key Points:

• $484,000 was stolen by Ledger Connect Kit hackers, affecting multiple dApps.
• Users are advised to pause dApp usage and enable Blockaid for added security.
• Tether freezes the hacker’s address to prevent further unauthorized transactions.

In a recent security incident, Ledger Connect Kit hackers stole approximately $484,000 in assets, raising concerns about the safety of decentralized applications (dApps) relying on the Ledger module. 

Ledger Connect Kit Hackers Shake DeFi Platforms

Lookonchain monitoring revealed that the Ledger Connect Kit hackers transferred 4,334 ETH to an account named Angel Drainer, which currently holds a staggering $363,000 in assets.

The compromised version of the Connect Kit, a crucial library facilitating the connection between Ledger hardware wallets and dApps, was initially identified by developers on Twitter. While SlowMist clarified that the Ledger wallet itself remained secure, the breach affected several dApps that utilized the compromised library, including Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash.

Ledger promptly addressed the issue, reporting that the malicious version of the Connect Kit file was replaced with the authentic version approximately three hours after the security breach was discovered, at around 1:35 p.m. UTC. Ledger assures users that the problem has been resolved.

MetaMask also detected the impact of the Ledger Connect Kit hackers on its platform. In response, MetaMask advises users to refrain from using dApps until the issue is fully resolved. To enhance security, MetaMask users are encouraged to enable Blockaid functionality in the MetaMask Extension before executing any transactions in their portfolio.

Tether has taken a proactive stance by freezing the hacker’s address associated with the Ledger Connect Kit breach. This move aims to prevent further unauthorized transactions and protect user assets.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.