An ex-employee of the cryptocurrency hardware company Ledger fell prey to a phishing scam, compromising their NPMJS account, as reported in an email to Blockworks.
Subsequently, malicious code was uploaded to ConnectKit, software that links blockchain applications with Ledger devices. Ledger responded swiftly, deploying a fix about 40 minutes after being notified, although the harmful code had already been active for five hours.
The malicious code was discovered early Thursday in Ledger’s ConnectKit software libraries. WalletConnect intervened to deactivate the problematic project. Chainalysis identified and publicized the associated address, while Tether CEO Paolo Ardoino announced that his team had frozen the address used by the attackers.
Ledger has informed Blockworks that it is currently assisting affected customers and cooperating with law enforcement to pursue the attacker.
As a result of the breach, SushiSwap and Revoke.cash temporarily shut down their web applications. Revoke.cash, as previously reported by Blockworks, was directly affected by this incident. SushiSwap has advised its users to refrain from interacting with its webpage.
Ledger, heeding social media warnings, has announced that it successfully replaced the corrupt file with the correct one.
Furthermore, Ledger has issued a reminder to the community about the importance of Clear Signing transactions. It stresses that the only reliable information is what appears on the Ledger device screen, and it advises users to abort transactions immediately if there is any discrepancy between the Ledger device and computer or phone screens.