Ledger, the leading company in security solutions for crypto assets, has confirmed that its Connect Kit, a tool that allows you to connect your hardware devices with web applications, was exploited by malicious hackers who created a fake version of it. This malicious version was used to attack several decentralized (DeFi) platforms such as SushiSwap, and it is estimated that over $600,000 worth of cryptocurrency was drained from victims.
The attack was discovered after several users reported that their funds had been transferred to unknown addresses when attempting to interact with SushiSwap, a cryptocurrency exchange and lending platform, through their LEDGER wallet. The SushiSwap developers warned that it was a front-end attack, that is, that the hackers had modified the code of the website to trick users into believing that they were connecting their Ledger with the legitimate platform, when they were actually sending their private keys to the attackers.
Ledger, for its part, acknowledged that the source of the problem was a malicious version of its Connect Kit, which had been distributed through a fake GitHub repository. As the company explained, the hackers had created an exact copy of their tool, but with a small modification: instead of sending the transactions signed by the Ledger device to the corresponding network node, they sent them to a server controlled by the attackers, who could modify them at will and steal users' funds.
The company assured that its original Connect Kit was not compromised, and that only users who downloaded the fake version from the GitHub repository were affected. Furthermore, they stated that they had already taken measures to prevent the attack from recurring (removing the fake repository, blocking the hackers' addresses, and alerting the affected DeFi platforms). They also advised users to always verify the authenticity of the web applications they connect with, and to never share their 24 recovery words with anyone.
This attack is another of the most sophisticated and damaging that has been seen in the cryptocurrency ecosystem, and it demonstrates the importance that to maintain good security we must be attentive to possible signs of fraud. The hackers not only took advantage of a technical vulnerability, but also the trust that users place in Ledger, a recognized and respected brand in the sector.
Always remember that it is essential that as a user you inform yourself well before downloading any software or interacting with any platform, always verify official sources and security certificates. PROTECT YOUR ASSETS.
TOOLS, PLATFORMS & APPLICATIONS
Publish0x - Earn Cryptocurrency, NFT or Money daily for reading or writing articles and interacting with posts among other tasks.
AddmeFast - Earn Cryptocurrency. Promote and increase the sources of traffic, visibility, reach and reputation of your social networks.
Bitrefill - Travel, play, eat and live with Cryptocurrencies. Living with crypto, a philosophy of financial freedom.
StormGain - They can start without investment, capital is acquired for free with the Bitcoin Cloud Miner
- Called "The People's Exchange", it places a strong emphasis on social trading and offers its clients extensive features.
QuantFury (Invite Code: JRRU2593) - Join using my invite code: JRRU2593 and we will both receive a free share like AAPL or UBER, or crypto like BTC or ETH (up to $250). Trade and invest with no commissions or borrowing fees at real-time spot prices from the NYSE, Nasdaq, CME, Bats, BINANCE and COINBASE exchanges. With a good marketing management you have the possibility of obtaining passive profits without operating in the market.
