Ledger Users Affected by the Hacking of the Wallet Connector with Dapps
15.12.2023

Hardware wallet developer Ledger discovered a vulnerability in a software library used by decentralized applications (dapps). An attacker had managed to inject malicious code into the interfaces of those applications.

On December 14th, around 4:35 AM (MSK), the perpetrator replaced the original version of the Ledger Connect Kit with a fake one. The attack did not affect physical devices or the Ledger Live application.

The Ledger team eliminated the threat by releasing a new version, 1.1.8. However, users were advised not to use the software for the following day.
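An added defender-side check, not from the article or from Ledger: audit a project's package-lock.json for the Connect Kit pinned below the fixed release 1.1.8, and for any dependency resolved from somewhere other than the npm registry. The npm package name `@ledgerhq/connect-kit` and the sample lockfile are assumptions made for this example.

```javascript
// Audit a lockfileVersion 2/3 package-lock.json ("packages" map).
const FIXED_VERSION = "1.1.8";               // fixed release named in the article
const CONNECT_KIT = "@ledgerhq/connect-kit"; // assumed npm package name
const REGISTRY = "https://registry.npmjs.org/";

function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b (major.minor.patch only).
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Returns a list of findings; an empty list means nothing suspicious was seen.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project entry
    const marker = "node_modules/";
    const name = entry.name || path.slice(path.lastIndexOf(marker) + marker.length);
    if (name === CONNECT_KIT && compareSemver(entry.version, FIXED_VERSION) < 0) {
      findings.push({ name, version: entry.version, reason: `below fixed release ${FIXED_VERSION}` });
    }
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY)) {
      findings.push({ name, version: entry.version, reason: `resolved outside npm registry: ${entry.resolved}` });
    }
  }
  return findings;
}

// Constructed sample lockfile (not a real project's); the Connect Kit version is
// simply a constructed value below the fixed release.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp", version: "0.1.0" },
    "node_modules/@ledgerhq/connect-kit": { version: "1.1.7", resolved: `${REGISTRY}@ledgerhq/connect-kit/-/connect-kit-1.1.7.tgz` },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://example.invalid/left-pad-1.3.0.tgz" },
  },
};

for (const f of auditLockfile(sampleLock)) console.log(`${f.name}@${f.version}: ${f.reason}`);
```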

An investigation revealed that the hacker gained access to an NPMJS account through a phishing attack on a former Ledger employee.

The malicious file was in circulation for about 5 hours, while the theft of funds lasted approximately 2 hours. The attacker used WalletConnect to transfer the assets, but his wallet was eventually disconnected.

While Ledger did not disclose the total amount of losses, they have contacted affected customers to discuss potential compensation.

The company plans to turn to law enforcement agencies to search for the perpetrator.

The developers reminded users of the importance of using the Clear Sign function when signing transactions, and of halting the operation if the information shown in the wallet interface differs from what is shown on the device's screen.

PeckShield reported the compromise of the Zapper and SushiSwap frontends.

CTO of Sushi, Matthew Lilly, warned against interacting with any dapps until further notice.

Balancer advised users to temporarily stop using its interface, while Revoke.cash disabled its website.

BlockAid reported that projects had lost over $150,000. The list of potentially affected sites included Sushi, Zapper, MetalSwap, and EchoDEX.

Many commentators under Ledger's announcement questioned how a former employee managed to retain access to a critically important account.
