According to Lookonchain, a blockchain analytics platform, hackers who targeted the Ledger connector library managed to abscond with assets valued at nearly $484,000. While Ledger has not officially verified these numbers, the company acknowledged the breach's potential impact, estimating it to be in the hundreds of thousands.
Reports of the incident surfaced on December 14 from users on Twitter, who asserted that the widely used Web3 connector had been compromised. The breach enabled the injection of malicious code into multiple decentralized applications (DApps), impacting several protocols such as Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash. However, the scope of the damage might extend further. Some users on Twitter speculated that similar programs replacing LedgerHQ/connect-kit might also harbor the same vulnerability.
MetaMask, a popular wallet provider, confirmed that the hack affected its users. In response, the platform promptly implemented a fix, telling users on the latest version, v2.121.0, that they could resume transactions, as they would receive automatic updates. Users not on this version were advised to refresh website data to mitigate risks. Approximately three hours after the incident, Ledger reported that the malicious file version had been replaced with the legitimate one at around 1:35 PM UTC. The company cautioned its users to verify transactions displayed on their Ledger device screen, emphasizing that if the device screen and the computer or phone screen disagree, the transaction should be halted immediately.
In response to the breach, several protocols took preventive measures by disabling the compromised library. Tether, a stablecoin issuer, also took action by freezing the exploiter's address, as confirmed by Paolo Ardoino. Ledger advised users to exercise caution, emphasizing the importance of verifying transaction details on the device screen and halting the transaction if the screens do not match.




















