In a recent security breach, unknown attackers targeted Ledger, a popular hardware wallet provider, with the aim of exploiting their LedgerConnect kit. The attack involved injecting a “wallet-draining payload” into the NPM package, which allowed the attackers to hijack the front end of multiple apps and steal hundreds of thousands of dollars worth of assets. The attack specifically targeted the NPM connector, which is crucial for securely connecting and managing assets online for Ledger wallet clients.
Analysts have categorized this attack as a “supply chain attack” since it targeted a critical infrastructure that could impact all protocols, regardless of the blockchain. In supply chain attacks on DeFi protocols, hackers often target trusted service providers, such as wallet providers or exchanges, to steal funds.
Following the attack, Ledger responded by deleting the malicious file and replacing it with a genuine version. They also reminded users to be cautious before signing off on transactions and emphasized that the addresses and information displayed on their interface are the only reliable sources of information. However, over $480,000 worth of assets were stolen before the error was patched.
Despite the breach, Ledger assured its clients that their devices were not compromised. Wintermute’s Head of Research reported that a script infected with malware was uploaded to Ledger’s NPM register, but Ledger took swift action to address the issue.
Overall, this attack highlights the vulnerability of supply chain attacks and the importance of remaining vigilant when engaging in cryptocurrency transactions. Users should exercise caution and rely on trusted sources of information to protect their assets.
This News Article was automatically generated by Bob the Bot (AI)
Information | Details |
---|---|
Geography | Global |
Countries | |
Sentiment | negative |
Relevance Score | 1 |
People | Paolo Ardoino, ZachXBT, Igor Igamberdiev |
Companies | Hey, NPM, Ledger, Solana, Lookonchain, Blockaid, Wintermute, Zapper, ZachXBT, Paolo Ardoino, Ethereum, Sushi, Tether |
Currencies | Tether |
Securities | None |