Tether has effectively immobilized significant funds linked to a recent cyberattack on Ledger’s code library. This decisive move underscores the ongoing battle against cybercriminals in the blockchain space. Tether’s Chief Technology Officer, Paolo Ardoino, announced the freezing of an attacker’s address that siphoned approximately $483,000 from various protocols, as per data from DeBank.
Details of the Compromised Assets
Among the stolen assets were $44,000 in USDT, Tether’s stablecoin. Tether has barred any further USDT transactions from this address by freezing the wallet, though other digital asset transactions remain possible. Notably, the attacker’s wallet interacted with the notorious AngelDrainer phishing group, including a transaction involving 4.334 ETH.
Ledger’s Vulnerability and Response
Ledger, a leading hardware wallet provider, suffered a significant setback when its Ledger ConnectKit library, a critical code repository, was compromised. The breach, which originated from a phishing attack on a former Ledger employee, resulted in the injection of malicious code.
Consequently, the front-ends of several decentralized finance (DeFi) protocols were left exposed to potential exploits. In response, DeFi platforms such as Kyber and RevokeCash temporarily disabled their front-ends, while Sushi Swap’s CTO Matthew Lilley advised users to avoid all dapp interactions.
Prompt Mitigation and Collaboration
Ledger has since released an update, Ledger Connect Kit version 1.1.8, to address the security flaw. The malicious version affected versions 1.1.5 to 1.1.7, utilizing a rogue WalletConnect project to redirect funds to the hacker’s wallet. Ledger’s team deployed a fix within 40 minutes of being alerted, effectively limiting the malicious file’s active period to about 5 hours. The window for fund drainage was even narrower, lasting less than two hours.
Ledger’s swift action, combined with the support from WalletConnect service, Tether, Chainalysis, and on-chain investigator ZachXBT, exemplifies the strength of collaboration in the crypto community. Such partnerships are crucial in tackling the sophisticated threats that increasingly target the world of digital assets.
Read Also: Cardano Users Warned Against Fake ADA Rewards Scam
This news is republished from another source. You can check the original article here