• Home
  • Scams
  • DeFi Disruption: Former Insider Unleashes Code, Draining $484K from Ledger; Exploiting Chaos

DeFi Disruption: Former Insider Unleashes Code, Draining $484K from Ledger; Exploiting Chaos

Dec 15, 2023 at 09:31 am

In a recent cyber attack, malicious actors successfully absconded with $484,000 by implanting destructive code into the Github library associated with the Connect Kit—a pivotal component of blockchain software maintained by Ledger, a prominent crypto wallet firm. The aftermath of this security breach reverberated across various decentralized finance (DeFi) protocols that heavily rely on the compromised library, prompting urgent advisories urging users to refrain from interacting with decentralized apps (dApps) until the affected protocols receive essential updates.

The Connect Kit, a foundational code streamlining the interaction between DeFi protocols and crypto hardware wallets, casts a shadow of potential repercussions on the front-end operations of numerous protocols employing it. This includes well-known platforms such as Sushi, Lido, Metamask, and Coinbase.

In an official post on Thursday, Ledger openly acknowledged the incident, revealing that one of its employees fell prey to a "phishing attack." Subsequently, the assailant unleashed a malevolent version of the Ledger Connect Kit into the public domain. A Ledger spokesperson assured Bitsday that the company promptly identified and removed the malicious iteration, specifying that the window during which funds were drained lasted less than two hours.

Despite Ledger's swift response in fortifying its code, Ido Ben-Natan, the CEO of blockchain security firm Blockaid, underscored persisting vulnerabilities. Ben-Natan noted that numerous websites remain compromised, leaving users in continued jeopardy. To achieve comprehensive risk mitigation, all protocols utilizing Ledger's Connect Kit must undergo manual updates of their library versions. Meanwhile, specific protocols, notably revoke.cash—a service instrumental in removing permissions from DeFi protocols—remain exposed to potential exploits.

In response to the ongoing situation, Ben-Natan issued a caution against engaging with revoke.cash, emphasizing that the financial impact extends to hundreds of thousands of dollars over the past two hours. This incident adds to a series of DeFi-related breaches throughout the year, with a staggering $303 million pilfered in July alone through exploits targeting Curve Finance and Multichain. Typically, users turn to platforms like revoke.cash to revoke permissions following such incidents. However, this particular compromise stands out as it primarily affects the front-end operations of websites rather than hot wallets, potentially subjecting revoke.cash users to connect their wallets with a malicious token drainer.

In a commendable response, MetaMask swiftly deployed a fix, eradicating the malicious code within two hours of the hack. This exploit underscores the inherent fragility of decentralized applications, shedding light on the susceptibility introduced by the utilization of code from multiple providers like Ledger. The incident also rekindles memories of Ledger's past security lapses, including a significant customer database leak in 2020 and controversies surrounding the security claims of its hardware products.

Read More: MetaMask App Store Update: Swift Resolution

Read more about

Related News

Sign up for daily crypto news in your inbox

Get crypto analysis, news and updates right to your inbox! Sign up here so you don't miss a single newsletter.