  • Ledger quickly fixes security breach in Ledger Connect Kit, affected by malicious code that compromised transactions in dApps and DeFi.
  • The company advises checking that Ledger Connect Kit is at version 1.1.8 and is collaborating with authorities to identify the cyber attacker.

Alert in the world of cryptocurrencies! Ledger, known for its hardware wallets, recently faced a cybersecurity challenge that affected its Ledger Connect Kit library, used in numerous decentralized applications (dApps). But it’s not all bad news: the company has managed to contain the threat and restore security.

The Ledger Connect Kit Attack: A Scare for the Crypto Ecosystem


On Thursday, December 14, the crypto community found itself on edge when an attack on Ledger Connect Kit was discovered. This software, essential for interacting with dApps and DeFi, was compromised by a hacker who managed to publish a malicious version. How did it happen? It turns out that a Ledger employee fell for a phishing attack, exposing his access to NPM (Node Package Manager).

Ledger’s Rapid Response: Containing the Damage

Despite the seriousness of the situation, Ledger acted quickly. In less than 40 minutes, the company replaced the affected version with a genuine and secure one, although the vulnerability was active for about 5 hours. The company recommends not using Ledger Connect Kit for at least 24 hours and always checking for the latest version, currently 1.1.8.

What Dangers Did Users Face?

The malicious version of the software gave the attacker the ability to direct users’ funds to their own wallet via an altered interface. This meant that, without realizing it, users could be sending their cryptoassets directly to the hacker.

Mudit Gupta’s Twitter thread addresses the recent fix to the security issue detected in the Ledger Connect Kit library. Gupta provides a series of instructions and recommendations to ensure that users and developers of decentralized applications (dApps) are protected against the vulnerability.

Instructions for Users and Developers:

  • Verifying the Library Version: Gupta advises users to verify whether they have the correct version of the library (1.1.8) on their systems. To do so, he suggests visiting the link https://cdn.jsdelivr.net/npm/@ledgerhq/connect-kit@1 and checking the version. If it is not 1.1.8, users should clear their browser cache.
  • Clearing Cache in Chrome: For those using Chrome, Gupta details the steps to clear the cache: press F12 to open Chrome Developer Tools, go to the ‘Application’ tab, select ‘Storage’ in the left tree and choose ‘Clear Site Data’.
  • Avoid Interaction with dApps Temporarily: Gupta recommends not interacting with any dApps until you make sure you have the fixed version of the library. He warns that some applications may be integrating and directly serving the malicious library.
  • Instructions to dApp Developers: Gupta asks dApp developers to re-deploy or regenerate their packages and notify the community when it is safe to use their applications.
  • Background Verification for Users: He advises users who have used any dApp in the last ~6 hours to check if they still have all their funds. If so, they are safe.
  • Default Security in JavaScript Loading: He explains that, fortunately, JavaScript is loaded live by default and is not included in packages, so if you have made sure you have the latest version, you should be safe in 99.99% of dApps.
  • Additional Caution: As an additional precautionary measure, Gupta suggests “not venturing anywhere today,” advising users to go to sleep and wait until the next day, assuring that everything should be fine by then.
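
One way for a dApp team to act on the re-deploy advice above, as an added example that is not from Gupta's thread or from Ledger: a Node.js script that finds every copy of @ledgerhq/connect-kit pinned in an npm lockfile and flags any older than 1.1.8. The sample lockfile and its package names are constructed, and because the article does not list the malicious version numbers, anything below the fixed version is treated as needing an update.

```javascript
const PKG = "@ledgerhq/connect-kit";
const FIXED = "1.1.8"; // fixed version named in the article

// Compare two x.y.z versions numerically (pre-release tags are ignored).
function cmp(a, b) {
  const num = (v) => v.split("-")[0].split(".").map(Number);
  const [pa, pb] = [num(a), num(b)];
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Collect every resolved copy, including ones nested under other packages.
function findCopies(lock) {
  const hits = [];
  if (lock.packages) { // lockfile v2/v3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + PKG)) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  const walk = (deps, trail) => { // lockfile v1: nested dependency tree
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "/" + name;
      if (name === PKG) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Mark each copy that is older than the fixed release (or has no version).
function audit(lock) {
  return findCopies(lock).map((c) => ({ ...c, needsUpdate: cmp(c.version || "0.0.0", FIXED) < 0 }));
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@ledgerhq/connect-kit": { version: "1.1.8" },
    "node_modules/@ledgerhq/connect-kit-loader": { version: "1.1.2" },
    "node_modules/wallet-widget/node_modules/@ledgerhq/connect-kit": { version: "1.1.6" },
  },
};

audit(sampleLock).forEach((r) => console.log(r.needsUpdate ? "UPDATE" : "ok", r.version, r.path));
```

A copy nested under another dependency is the case the top-level `package.json` does not show, which is why the scan reads the lockfile rather than the declared dependencies.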

Proactive Measures and Cooperation in the Crypto Community

Ledger has not only moved quickly to fix the problem, but has also been in contact with potentially affected customers and collaborating with authorities to track down the attacker. Companies such as Chainalysis and Tether have played a crucial role in identifying and freezing funds in the attacker’s wallet.

Tips for Developers and Users

Mudit Gupta, as mentioned earlier, has advised developers to check the cache for the corrupted version and ensure that they are using Ledger Connect Kit version 1.1.8. This is vital to ensure that the malicious version is not being cached.

Tether’s Actions Against the Ledger Attack


In a swift response to the recent cyber attack that affected the Ledger Connect Kit library, Tether has taken decisive action to mitigate the effects of the incident. The company, known for issuing the USDT stablecoin, has frozen the attacker’s funds identified at a specific address on the Ethereum network.

Freezing of Funds by Tether

  • Identification and Action by Tether: One of the addresses used by the attacker was identified and the USDT funds it contained, equivalent to 44,223 USDT, were frozen by Tether. This action was confirmed by Paolo Ardoino, CEO of Tether.
  • Attacker’s Portfolio: In total, the hacker managed to accumulate $253,273.12 (USD) in the affected address, through at least 16 transactions involving ETH, USDT, SHIB, BNB and other tokens.

Implications of the Freeze and Attack

  • Impact on the Network and Exchanges: The malicious address has already been identified on Etherscan and other block explorers, which could lead various exchanges to block the attacker’s funds or identify him if he tries to transfer money to some other centralized exchange.
  • Effects on dApps Platforms: During the attack, platforms such as Zapper and SushiSwap were compromised, and others, such as Revoke Cash, were temporarily down while the issue was being resolved.

A Reminder of the Importance of Security in the Crypto World

This incident serves as a crucial reminder of the importance of cybersecurity in the cryptocurrency ecosystem. Ledger’s quick response, along with the collaboration of the crypto community, demonstrates the resilience and commitment to security in this ever-evolving sector. While the scare was great, the reaction was even more significant, setting an example of how to address cyber challenges in the crypto world.



As a content creator, Isai Alexei holds a degree in Marketing, providing a solid foundation for the exploration of technology and finance. Isai's journey into the crypto space began during academic years, where the transformative potential of blockchain technology was initially grasped. Intrigued, Isai delved deeper, ultimately making the inaugural cryptocurrency investment in Bitcoin. Witnessing the evolution of the crypto landscape has been both exciting and educational. Ethereum, with its smart contract capabilities, stands out as Isai's favorite, reflecting a genuine enthusiasm for cutting-edge web3 technologies. Business Email: info@crypto-news-flash.com Phone: +49 160 92211628
