What You Need to Know About the Ledger Hack
Do we need to update our knowledge of cryptocurrency now that distributed ledgers can be hacked? No, don’t worry — I’m not talking about the ultra-secure blockchain itself being compromised. I’m referring to Ledger the company, those fancy hardware wallet guys. Unfortunately, turns out their systems aren’t quite as ironclad as they could have been.
Ledger got breached. So, while the impenetrable technology remains intact, it seems like some of these guys still have a thing or two to learn when locking down their stuff.
Hardware wallet provider Ledger, one of the cryptocurrency industry’s leaders in security, experienced a security breach on December 14th. Hackers compromised Ledger’s JavaScript connector library and inserted malicious code that could potentially drain wallets.
The size of the hack has risen to $504,000
Initially, it was reported that the value of the stolen funds from the hack was approximately $484,000. However, according to information provided by blockchain security service Blockaid, the total amount taken has now been updated to $504,000. The scope of the attack extends beyond just the individuals directly involved in the hack, as any Ethereum Virtual Machine (EVM) user who interacts with affected decentralized applications (Dapps) may also be at risk.
The exploit ran for less than two hours and was deactivated within 40 minutes of discovery and was limited to third-party DApps, Gauthier said. It was made possible after a former employee fell victim to a phishing scam, he said. That employee’s identity was allegedly left behind in the hacked code. Ledger hardware and the Ledger Live platform were not affected.
An Isolated Event
Ledger CEO Pascal Gauthier addressed the incident in a blog post, referring to it as an “isolated incident.” He stated that the distributed ledger technology itself was not hacked, only Ledger’s library software. Gauthier promised to implement stronger security controls to prevent such breaches in the future.
This incident serves as a reminder that even the most security-focused cryptocurrency companies can suffer breaches. However, Ledger’s underlying hardware wallet architecture remains intact. Users should still feel confident in Ledger’s core security model but should update their software to the latest version to eliminate the malicious library code.
Here’s the list of dApps that may be affected
