Tether freezes Ledger exploiter’s address
The intervention comes in the wake of a security breach that led to a significant loss of funds across multiple decentralized applications (dApps).
In a move to mitigate the aftermath of the recent Ledger Connect Kit hack, Tether has proactively frozen the hacker’s address. Tether CEO Paolo Ardoino announced the freeze on social media hours after the hacker stole roughly $484,000 through a wallet drainer.
The move aims to prevent further unauthorized transactions and safeguard the assets of affected users. The intervention comes after a security breach that led to a loss of funds across multiple decentralized applications (dApps) and has heightened security concerns.
ConnectKit library compromised
A significant security breach occurred involving Ledger’s ConnectKit library, which has impacted several decentralized applications (dApps) and their users.
The breach resulted from malicious code inserted into the ConnectKit library, a crucial component used by various crypto applications for integrating with Ledger’s hardware wallet service. This code allowed a “wallet drainer” exploit, enabling unauthorized fund transfers from users’ wallets when they connected to the affected dApps.
The compromised dApps include well-known platforms like SushiSwap, Zapper, Balancer, and Revoke.cash. Users were prompted to connect their wallets to these dApps, allowing the attackers to drain funds from their accounts.
The total amount stolen by the attackers is estimated to be around $484,000.
Swift response
The Ledger team swiftly acknowledged the issue once the exploit was identified and removed the malicious code. However, they advised users to avoid using any dApps that utilize Ledger’s connector kit until further notice, as the vulnerability might still allow unauthorized fund transfers.
The team has replaced the malicious version of the Connect Kit file with an authentic version and is still evaluating the full extent of the damage as of press time.
Ledger’s hardware wallets and the Ledger Live app were not compromised in this incident. However, users have been warned to exercise caution and avoid interacting with dApps for now.
The incident serves as a reminder of the potential risks involved in connecting hardware wallets to DeFi platforms and the importance of being vigilant in approving transactions