Ledger has updated its version, vulnerability caused by former employee falling for phishing, Tether freezes hacker address
The Ledger hardware wallet recently experienced a large-scale security vulnerability, leading to multiple third-party DApps being attacked. Hackers managed to steal approximately $484,000, but the funds were frozen by Tether. Ledger has urgently released an updated version to patch the vulnerability and is cooperating with law enforcement to recover the funds.
Ledger hit by major security breach, numerous DApps affected, SlowMist: Do not operate, wait patiently for updates from all parties
Table of Contents
Ledger Emergency Update
Ledger has released an update to Ledger Connect Kit version 1.1.8 in the early morning and confirmed that the malicious code has been deactivated.
Although users can now safely use it, Ledger still recommends waiting for 24 hours and deleting browser cache.
UPDATE: The genuine Ledger Connect Kit 1.1.8 is now fully propagated. Ledger and WalletConnect can confirm that the malicious code was deactivated. You are now safe to use your Ledger Connect Kit. Reminder that that we always encourage clear signing.
— Ledger (@Ledger) December 14, 2023
Tether CEO: Hacker Address Frozen
The total amount affected has not yet been confirmed, but blockchain tracking entity Lookonchain has indicated that a hacker stole $484,000.
The address was promptly frozen by Tether.
Ledger CEO also mentioned that they have been in contact with law enforcement and will assist affected users in recovering their funds.
Tether just froze the Ledger exploiter address
— Paolo Ardoino 🍐 (@paoloardoino) December 14, 2023
Ledger CEO Incident Report
CEO Pascal Gauthier elaborated on this incident in a lengthy post, summarized as follows:
The crypto industry collaborated with Ledger to address the Ledger Connect Kit vulnerability, which was active for less than two hours.
- This vulnerability was caused by a former Ledger employee falling victim to a phishing attack.
Ledger promptly froze the funds, collaborated with law enforcement, and assisted affected users in fund recovery.
This vulnerability does not and will not affect Ledger hardware devices or Ledger Live, past or present.
This vulnerability is limited to third-party DApps using the Ledger Connect Kit.
Related
- Exchange BingX confirms hacking incident, wallets under maintenance, losses will be fully compensated
- Inventory of Hacking Incidents in the First Half of 2024: Losses Amounted to $1.38 Billion, Doubled from the Same Period Last Year
- Kraken hit by white hat ransomware attack, loses 3 million euros, Certik: Threatened by Kraken