Tether freezes Ledger exploiter’s address Tether freezes Ledger exploiter’s address
The intervention comes in the wake of a security breach that led to a significant loss of funds across multiple decentralized applications (dApps).
2 min read
Updated: Dec. 14, 2023 at 5:18 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
In a move to mitigate the aftermath of the recent Ledger Connect Kit hack, Tether has proactively frozen the hacker’s address. Tether CEO Paolo Ardoino announced the freeze on social media hours after the hacker stole roughly $484,000 through a wallet drainer.
The move aims to prevent further unauthorized transactions and safeguard the assets of affected users. The intervention comes after a security breach that led to a loss of funds across multiple decentralized applications (dApps) and has heightened security concerns.
ConnectKit library compromised
A significant security breach occurred involving Ledger’s ConnectKit library, which has impacted several decentralized applications (dApps) and their users.
The breach resulted from malicious code inserted into the ConnectKit library, a crucial component used by various crypto applications for integrating with Ledger’s hardware wallet service. This code allowed a “wallet drainer” exploit, enabling unauthorized fund transfers from users’ wallets when they connected to the affected dApps.
The compromised dApps include well-known platforms like SushiSwap, Zapper, Balancer, and Revoke.cash. Users were prompted to connect their wallets to these dApps, allowing the attackers to drain funds from their accounts.
The total amount stolen by the attackers is estimated to be around $484,000.
Swift response
The Ledger team swiftly acknowledged the issue once the exploit was identified and removed the malicious code. However, they advised users to avoid using any dApps that utilize Ledger’s connector kit until further notice, as the vulnerability might still allow unauthorized fund transfers.
The team has replaced the malicious version of the Connect Kit file with an authentic version and is still evaluating the full extent of the damage as of press time.
Ledger’s hardware wallets and the Ledger Live app were not compromised in this incident. However, users have been warned to exercise caution and avoid interacting with dApps for now.
The incident serves as a reminder of the potential risks involved in connecting hardware wallets to DeFi platforms and the importance of being vigilant in approving transactions
Mentioned in this article
Author 
Assad Jafri
AJ, a passionate journalist since Yemen's 2011 Arab Spring, has honed his skills worldwide for over a decade. Specializing in financial journalism, he now focuses on crypto reporting.
Editor Editor 
Jacob Oliver
Jacob Oliver is a recovering academic and English teacher turned crypto journalist and web3 writer. He holds a Ph.D. from the University of Washington.
Latest Tether Stories
In this article
Tether Limited
Tether Limited is the company that introduced Tether (USD₮ or USDT), an asset-backed cryptocurrency stablecoin, in 2014.
Ledger
Founded in 2014, Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications.
Paolo Ardoino joined Bitfinex at the beginning of 2015 and now serves as Chief Technology Officer.