An apparent supply chain attack on Ledger’s Connect Kit, a software tool that allows users to connect their wallets to the front ends of decentralized applications (dApps), User’s wallet is exhausted.
A compromised account belonging to a former Ledger employee pushed a new version of the Connect Kit software to the NPM software repository and was replaced several hours later. The breach posed a risk to services that rely on the software, even if users weren’t using her Ledger-branded hardware wallets.
X (formerly Twitter) users have reported that this malicious version displays additional pop-ups that show users leaked software based on modified WalletConnect software.
The default implementation of Ledger HQ’s “connect-kit-loader” is Particularly vulnerable and always chooses to load the latest version Access directly from a content delivery network (CDN) rather than locking into a specific version.
Companies have already begun responding to this attack, with Tether CEO Paolo Ardoino saying via X that Tether has decided to freeze addresses associated with this exploit.
Read more: Researchers discover data collection within Ledger Live app
Blockchain researcher ZachXBT said, pointed Toward 0x658729879fca881d9526480b82ae00efc54b5c2d as the exploiter’s address. This address also initially forwarded him to 0x412f10AAd96fD78da6736387e2C84931Ac20313f or “Angel Drainer”. This address is often used in phishing scams.
Various assets are stored at this address, which Debunk says has a value of approximately Before asset transfer: $480,000 It came out of my wallet.
Any tips? Please send us an email or ProtonMail.For more news, follow us X, Instagram, blue skyand google newsor subscribe YouTube channel.