Search Inside Bitcoins

Ledger’s Crypto & NFT Hardware Wallet Got Hacked – Over $600K Crypto Drained

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Ledger Hardware Wallet
Ledger Hardware Wallet

Join Our Telegram channel to stay up to date on breaking news coverage

On December 14, Ledger, the company that makes physical crypto wallets that look similar to USB drives or other storage devices, saw its Ledger Connect Kit software compromised, leading to hundreds of dollars being drained from users’ wallets. In this article, we shall explore in-depth what went wrong.

Ledger Hardware Wallet Got Hacked – What Went Wrong?

Blockaid, a renowned crypto security startup, was the first security firm to detect a malicious exploit on Ledger Connect. It wrote, “we’ve detected a potential supply chain attack on Ledger connect kit. The attacker has injected a wallet-draining payload into the popular NPM package. This heist currently affects a couple of popular dapps.” But what went wrong?

Ledger started its journey in 2014. The firm was launched by a team of crypto experts with complementary backgrounds to secure the blockchain revolution. Ledger has over 700 employees across 8 offices, including Paris, Vierzon, London, Portland, Singapore, and more.

Since its inception, Ledger has emerged as one of the most trusted crypto security devices, gaining immense trust among millions of users. Their devices are powered by the Secure Element chip and Ledger’s proprietary OS, battle-tested for years by security experts.

In a short statement, Ledger has plainly explained that the exploit originated from a phishing attack that targeted a former employee. The hacker published malicious code that rerouted user funds to their wallet during transactions with decentralized applications, or dapps, that used the affected software.

The Ledger Company said the malicious code was live for around five hours. Fortunately, its security experts were able to deactivate the malicious code and replace the Ledger Connect Kit in the subject with a new and more secure Ledger Connect Kit.

Based on Blockaid estimate, anywhere from 500 to 1000 crypto wallets were compromised, leading to more than $500,000 being stolen from crypto and NFT users. While commenting about the hack in a short interview, Raz Niv, co-founder and chief technology officer of Blockaid, said that the hack was not specific to Ledger customers and that users of various hardware and software wallets from other providers were also impacted.

Ledger CEO Describes The Hack As An ‘Isolated Incident’

In a subsequent blog post, Pascal Gauthier, the chairman and the chief executive officer of Ledger, has remorsefully sympathized with all affected users, vowing to do what it takes to “find this bad actor, bring them to justice.” The top executive said the hack of Ledger’s Javascript connector library was an “isolated incident” and promised more robust security control.

The recent security breach is another black eye for Ledger, which received massive criticism in May for a new security tool that many users argued was antithetical to the basic tenets of crypto. Ledger hack also reflects the persistence of security attacks in the crypto industry, which saw crypto projects lose $1.7 billion to exploits in 2023, according to data from analytics firm TRM Labs.

Related NFT News:

Smog (SMOG) - Meme Coin With Rewards


Smog token
  • Airdrop Season One Live Now
  • Earn XP To Qualify For A Share Of $1 Million
  • Featured On Cointelegraph
  • Staking Rewards - 42% APY
  • 10% OTC Discount -
Smog token

Join Our Telegram channel to stay up to date on breaking news coverage

Read next