December 15, 2023 at 08:18AM
Ledger, a crypto hardware wallet maker, faced a security breach after a former employee fell victim to a phishing attack, leading to the theft of $600,000 in virtual assets. Malicious code published from the compromised npm account was used to propagate crypto drainer malware to other applications. Ledger has since removed the malicious versions and taken steps to mitigate the issue.
Key Takeaways from Meeting Notes:
1. Ledger, a crypto hardware wallet maker, released a new version of its npm module after a phishing attack led to the compromise of its npm account and the theft of over $600,000 in virtual assets.
2. An unidentified threat actor uploaded three malicious versions of the module, leading to a software supply chain breach.
3. The malicious code rerouted funds to a hacker’s wallet using a rogue WalletConnect project, directly embedding a wallet-draining payload to execute unauthorized transactions.
4. Sonatype reported that the malicious file was live for around five hours, with the funds being drained in a window of less than two hours.
5. Ledger has removed the malicious versions, published version 1.1.8 to address the issue, and reported the threat actor’s wallet addresses. Stolen funds have been frozen by stablecoin issuer Tether.
6. The incident highlights the targeting of cryptocurrency assets and the use of open-source ecosystems as vectors for installing malware through supply chain attacks.
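The supply chain lesson in the takeaways above is that a floating dependency range or an unpinned lockfile entry silently pulls in whichever patch release the registry serves, which is how a maliciously published npm version reaches downstream applications. The script below is an added example (not Ledger's, Sonatype's or npm's own code) of a lockfile audit a defender can run in CI: it parses an npm `package-lock.json`, flags any direct dependency declared with a non-exact range, flags a watched package resolved to a version older than the patched release (`1.1.8` is the fixed version named in the summary; the package name `@example-vendor/connect-kit` is a placeholder because the summary does not name the module), and flags entries recorded without an `integrity` hash. The lockfile contents are constructed inline.

```python
import json
import re

# Placeholder: the summary does not name the compromised npm module.
WATCHED_PACKAGE = "@example-vendor/connect-kit"
# Version the summary says was published to address the issue.
FIXED_VERSION = "1.1.8"

# Constructed sample lockfile in npm lockfileVersion 3 layout (not a real project).
SAMPLE_LOCK = json.dumps({
    "name": "dapp-frontend",
    "lockfileVersion": 3,
    "packages": {
        # The root entry carries the declared dependency ranges from package.json.
        "": {
            "name": "dapp-frontend",
            "dependencies": {WATCHED_PACKAGE: "^1.1.4", "left-pad": "1.3.0"},
        },
        "node_modules/@example-vendor/connect-kit": {
            "version": "1.1.6",
            "resolved": "https://registry.npmjs.org/@example-vendor/connect-kit/-/connect-kit-1.1.6.tgz",
            "integrity": "sha512-PLACEHOLDER-NOT-A-REAL-HASH",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            # Deliberately missing "integrity": npm cannot verify the tarball on install.
        },
    },
})


def parse_version(version):
    """Return (major, minor, patch) for a plain semver string, or None if unparseable."""
    match = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_pinned(spec):
    """True only for an exact version; '^1.1.4', '~1.1.4', '*' and 'latest' all float."""
    return re.fullmatch(r"\d+\.\d+\.\d+", spec) is not None


def package_name_from_path(path):
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b' (the last node_modules segment)."""
    return path.split("node_modules/")[-1]


def audit_lockfile(lock_text):
    """Return a list of (finding, package, value) tuples for the lockfile JSON text."""
    lock = json.loads(lock_text)
    findings = []

    # lockfileVersion 2/3 store everything under "packages"; v1 used "dependencies".
    packages = lock.get("packages")
    if packages is None:
        packages = {"node_modules/" + name: meta
                    for name, meta in lock.get("dependencies", {}).items()}

    # 1. Direct dependencies declared with a range can resolve to a newer, unreviewed release.
    root = packages.get("", {})
    for name, spec in root.get("dependencies", {}).items():
        if not is_pinned(spec):
            findings.append(("floating-range", name, spec))

    for path, meta in packages.items():
        if path == "":
            continue
        name = package_name_from_path(path)
        version = meta.get("version", "")

        # 2. Watched package resolved below the release that removed the malicious code.
        if name == WATCHED_PACKAGE:
            resolved = parse_version(version)
            fixed = parse_version(FIXED_VERSION)
            if resolved is None or resolved < fixed:
                findings.append(("vulnerable-version", name, version))

        # 3. No integrity hash means a swapped tarball would install without complaint.
        if "integrity" not in meta:
            findings.append(("missing-integrity", name, version))

    return findings


if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK):
        print("%-20s %-32s %s" % finding)
```

Run against the constructed lockfile it reports three findings: the watched package is declared with `^1.1.4` and resolved to `1.1.6`, below the fixed `1.1.8`, and `left-pad` has no integrity hash. In practice the version check is only as good as the watchlist, so pair it with exact pins, `npm ci` (which refuses to install when the lockfile and `package.json` disagree) and a review step for any lockfile diff before merge.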