Ledger Users Suffer a Hacker Attack

Reading Time: < 1 minute

According to Ledger, a hacker was able to compromise a software library used in decentralized applications, injecting malicious code into their interfaces.

The attacker successfully replaced the genuine version of the Ledger Connect Kit with a fake one on December 14.

Fortunately, the physical devices of users and the Ledger Live application were unaffected by the attack. The team quickly identified and removed the malicious file, and a new, unaffected version was automatically distributed.

However, they advised not to use the software for 24 hours as a precaution. Preliminary investigation results suggest that the hacker gained access to the NPMJS service account through a phishing attack targeting a former Ledger employee.

The compromised file was available for approximately 5 hours, but the team believes that the attacker only had access for 2 hours.

The hacker used WalletConnect to withdraw stolen funds, but the technology disabled the scammer’s wallet.

The company has not disclosed the amount of damages, but assures affected customers that they will be contacted to discuss compensation.

Ledger also plans to involve law enforcement in finding the perpetrator.

If you like our content and want to support us, please follow us on X, Facebook and Instagram and don’t miss the latest news!