One of Ledger’s employees fell victim to a phishing attack, enabling the hacker to publish a malicious version of Ledger Connect Kit. It was live for nearly 5 hours; however, the Ledger team has stated that funds were rerouted only for a window of 2 hours.
Ledger’s technical and support teams are in touch with customers who have been affected. Efforts are underway to compensate for the issue and assist customers with all the help they seek.
Versions of the Ledger Connect Kit that were affected are 1.1.5, 1.1.6, and 1.1.7. While the genuine version of Ledger Connect Kit 1.1.8 has been propagated, customers are advised to wait at least 24 hours before using the services again. In the meantime, investigations are being conducted. Ledger has filed a complaint with law enforcement to assist them in finding the culprit.
The hacker had reportedly gained access to the NPMJS account of the Ledger employee. They had used a rogue WalletConnect project to direct funds to their account. Ledger and WalletConnect collectively disabled the rogue project; however, most of the funds had been drained by then.
MetaMask alerted its community while clarifying that MetaMask Portfolio and SDK users were never at risk. Transactions were still disabled to keep them and their funds safe.
According to the most recent update from Ledger, the team has rolled out Ledger Connect Kit version 1.1.8. Ledger and WalletConnect have deactivated the malicious code. Customers can now begin using the services as usual. It is recommended to use clear signing and never share the 24-word Secret Recovery Phrase with anyone.
Developers and users were earlier asked to be careful while interacting with any dApp. They can start interacting with applications, but developers may still want to be careful about their engagements.
The community is not exactly pleased with how things have worked out. Most are disappointed that the hack originated after a Ledger employee became a victim of a phishing scam. Others said that it was just another day in the crypto market, meaning that it is now common for platforms to face malicious attacks and lose their customers’ funds.
That being said, the crypto market is still bullish, with a global market cap of approximately $1.61 trillion, an increase of 0.81% in the last 24 hours. The crypto market volume stands at $68.17 billion, a rise of 4.68%. Bitcoin continues to dominate the segment, followed by Ethereum and Tether USDT.
Pascal Gauthier has issued a statement regarding the Ledger Connect Kit. The company’s chief executive officer has acknowledged the issue, highlighted how it started and expressed commitment to improving in the times to come. Pascal has further emphasized the need for clear signing, adding that it will help mitigate issues like these.