Bitcoin
Bitcoin (BTC)
$97,991.00 4.61414
Bitcoin price
Ethereum
Ethereum (ETH)
$3,291.66 6.38556
Ethereum price
BNB
BNB (BNB)
$620.22 1.43452
BNB price
Solana
Solana (SOL)
$244.45 2.62469
Solana price
XRP
XRP (XRP)
$1.13 -0.62619
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000246 0.80258
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000204 2.58758
Pepe price
Bonk
Bonk (BONK)
$0.0000525 -1.9526
Bonk price
dogwifhat
dogwifhat (WIF)
$3.26 1.27396
dogwifhat price
Popcat
Popcat (POPCAT)
$1.60 -2.93533
Popcat price
Bitcoin
Bitcoin (BTC)
$97,991.00 4.61414
Bitcoin price
Ethereum
Ethereum (ETH)
$3,291.66 6.38556
Ethereum price
BNB
BNB (BNB)
$620.22 1.43452
BNB price
Solana
Solana (SOL)
$244.45 2.62469
Solana price
XRP
XRP (XRP)
$1.13 -0.62619
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000246 0.80258
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000204 2.58758
Pepe price
Bonk
Bonk (BONK)
$0.0000525 -1.9526
Bonk price
dogwifhat
dogwifhat (WIF)
$3.26 1.27396
dogwifhat price
Popcat
Popcat (POPCAT)
$1.60 -2.93533
Popcat price
Bitcoin
Bitcoin (BTC)
$97,991.00 4.61414
Bitcoin price
Ethereum
Ethereum (ETH)
$3,291.66 6.38556
Ethereum price
BNB
BNB (BNB)
$620.22 1.43452
BNB price
Solana
Solana (SOL)
$244.45 2.62469
Solana price
XRP
XRP (XRP)
$1.13 -0.62619
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000246 0.80258
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000204 2.58758
Pepe price
Bonk
Bonk (BONK)
$0.0000525 -1.9526
Bonk price
dogwifhat
dogwifhat (WIF)
$3.26 1.27396
dogwifhat price
Popcat
Popcat (POPCAT)
$1.60 -2.93533
Popcat price
Bitcoin
Bitcoin (BTC)
$97,991.00 4.61414
Bitcoin price
Ethereum
Ethereum (ETH)
$3,291.66 6.38556
Ethereum price
BNB
BNB (BNB)
$620.22 1.43452
BNB price
Solana
Solana (SOL)
$244.45 2.62469
Solana price
XRP
XRP (XRP)
$1.13 -0.62619
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000246 0.80258
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000204 2.58758
Pepe price
Bonk
Bonk (BONK)
$0.0000525 -1.9526
Bonk price
dogwifhat
dogwifhat (WIF)
$3.26 1.27396
dogwifhat price
Popcat
Popcat (POPCAT)
$1.60 -2.93533
Popcat price

Ledger ex-staff phished in library compromise

ledger-ex-staff-phished-in-library-compromise
Edited by
News
Ledger ex-staff phished in library compromise

The hard wallet maker said a former employee fell victim to a phishing scam, which allowed a hacker to access the library and steal $480,000 in crypto.

Ledger’s chairman and CEO, Pascal Gauthier, attested to an exploit on Ledger Connect Kit, a Javascript library to connect Web sites to wallets on several defi platforms. Gauthier’s letter said the incident was isolated to third-party applications and stressed that Ledger’s hard wallet products remained unaffected.

The standard practice at Ledger is that no single person can deploy code without review by multiple parties. We have strong access controls, internal reviews, and multi-signature code when it comes to most parts of our development. This is the case in 99% of our internal systems. Any employee who leaves the company has their access revoked from every Ledger system.

Pascal Gauthier, chairman and CEO, Ledger

However, Gauthier confirmed that an ex-staff was hacked by a phishing scammer who then used compromised account access to publish a rogue WalletConnect project. This allowed bad actors to reroute user funds. 

The Dec. 14 exploit affected several defi apps like SushiSwap and Revoke.cash, crypto.news reported.

Ledger’s update on the issue verified observations made by crypto participants on social media. One user identified a GitHub account linked to an ex-Ledger developer, Junichi Sugiura. Gauthier’s post did not identify the former employee, and Sugiura had not replied to requests for comments. 

Tether froze an address linked to the hacker, according to CTO Paolo Ardoino. Meanwhile, CertiK reported ERC-20 transactions made by wallets likely affiliated with the exploiter.

https://twitter.com/CertiKAlert/status/1735337013232967861?t=UyFAgyfTPaCnezW3gmd1kA&s=19

The exploit marked the second time in two months that phishers have leveraged Ledger to steal user funds. In November, crypto investigator ZachXBT warned users of a fake Ledger Live app on the official Microsoft app store. The fraudulent app siphoned Bitcoin (BTC) and Ether (ETH) worth $768,000.