The unknown attacker that compromised Ledger’s Connectkit Library has reportedly siphoned $484,000 from wallets, according to the onchain intelligence firm Lookonchain. Ledger disclosed a former employee fell victim to a phishing attack and the attacker gained access to the Ledger Connectkit Library and uploaded a malicious bug.
Ledger Responds to $484K Hack
The latest and secure version 1.1.8 of the Ledger Connect Kit is currently being disseminated automatically, according to the last update from Ledger. The company advised a waiting period of 24 hours before resuming use of the Ledger Connect Kit. This precaution follows a security breach detailed in the ensuing timeline: Initially, a phishing attack targeted a former Ledger Employee’s NPMJS account early today, Central European Time.
Ledger said the breach enabled the attacker to release a compromised version of the Ledger Connect Kit (versions 1.1.5 through 1.1.7), which manipulated a deceptive Walletconnect project to rerout
We współpracy z: https://news.bitcoin.com/ledger-connect-kit-breach-hacker-siphons-484k-company-rolls-out-version-1-1-8/
