Ledger Patches Vulnerability Following $600k Theft

By Ben Knight December 15, 2023 In Ledger
  • Hackers exploited employee phishing to steal funds from DeFi transactions, highlighting vulnerabilities despite the safety of hardware wallets.
  • Up to 1,000 wallets and nearly a million dollars (AUD) were affected by the attack.
  • Ledger is working with law enforcement to apprehend the hacker.

Ledger is one of the biggest names in crypto security. The tech startup has long produced its trademark “Nano” hardware wallets, often recommended as the starting point for keeping your digital assets safe. Yet, apparently, even titans can fall, as Ledger was yesterday targeted in a hack that resulted in users losing nearly USD $600k (AUD $900k) worth of funds.

Phishing Attack Gave Hacker Entrance 

In a statement to the public, Ledger announced that the hacker managed to access the backdoor code for Ledger Connect Kit through a phishing attack on a former employee. Once entry was gained, the thief published “malicious code” that essentially re-routed transactions made via the Connect Kit directly to their wallet.

The result was the loss of nearly a million dollars, as transactions made on decentralised applications (dApps) were syphoned into someone else’s pocket. Crypto security company Blockaid believes that anywhere between 500 and 1,000 wallets suffered losses, and that it wasn’t only Ledger users that were victimised.

In a Twitter post, Ledger confirmed that the malicious code had been active for about five years before being taken down.

Following on from that social media statement, Ledger also said:

We are filing a complaint and working with law enforcement on the investigation to find the attacker.

Ledger

It’s worth noting that the hardware wallets not connected to the internet remained completely safe. Access to the private keys was not granted – only those who made transactions from their wallets onto a third-party DeFi app were targeted. 

Still, the hack is a heavy blow for Ledger, which prides itself on being the pinnacle of security in the crypto industry. It will take time and excellent public communication for the company to rebuild the trust it had previously earned.

Ben Knight is a writer and editor from Melbourne with a passion for all things music and finance. He enjoys turning complex topics – especially the technical details of cryptocurrency – into digestible bites that anybody can understand. He acquired his Master’s in Writing, Editing and Publishing from RMIT in 2019 and has run his own creative writing business ever since.
