Hackers have stolen over $480,000 in digital assets after they managed to infiltrate the GitHub library of Connect Kit, a key blockchain tool from crypto wallet firm Ledger.
Connect Kit facilitates the connection between decentralized finance (DeFi) protocols and hardware wallets, so the breach had a widespread impact across major DeFi protocols and prompted urgent advisories against using decentralized apps (dApps) until an update rolled out.
Sushi, Lido, and MetaMask are among the protocols that use Connect Kit and whose front-ends were affected by the security breach. Addressing the incident, Ledger confirmed an employee had been targeted in a “phishing attack” which led the attacker to publish “a malicious version of the Ledger Connect Kit.”
While Ledger has updated the code, security researchers say full risk mitigation requires each protocol using Connect Kit to manually update its copy of the library. Currently, services used for withdrawing permissions from DeFi protocols are particularly at risk.
This incident is part of a larger trend of DeFi-related security breaches, with a staggering $303 million stolen in July alone. After these incidents, users often resort to permission-withdrawal services to remove permissions from impacted protocols, but in this case entire website front-ends were affected, which could broaden the impact of the incident.
- Source: https://www.cryptocompare.com/email-updates/daily/2023/dec/15/