bitlyfool.com
162.0.232.104
Public Scan
URL:
https://bitlyfool.com/ledger-falls-victim-to-supply-chain-attack-over-480000-drained-2/
Submission: On December 15 via manual from US — Scanned from US
Form analysis
1 forms found in the DOM
GET https://bitlyfool.com/
<form role="search" method="get" action="https://bitlyfool.com/" class="wp-block-search__button-outside wp-block-search__text-button wp-block-search"><label class="wp-block-search__label" for="wp-block-search__input-1">Search</label>
<div class="wp-block-search__inside-wrapper "><input class="wp-block-search__input" id="wp-block-search__input-1" placeholder="" value="" type="search" name="s" required=""><button aria-label="Search"
class="wp-block-search__button wp-element-button" type="submit">Search</button></div>
</form>
Text Content
BITLYFOOL.COM This Website Promotes Monetary Freedom!

LEDGER FALLS VICTIM TO SUPPLY CHAIN ATTACK, OVER $480,000 DRAINED
by BitlyFool | Posted on December 14, 2023

In yet another significant security breach, unknown malicious agents targeted Ledger, the popular hardware wallet provider, aiming to exploit their LedgerConnect kit. Blockaid, a platform aiming to protect web3 users, was the first to report on the attack.

THE SUPPLY CHAIN ATTACK TARGETING LEDGER CONNECTOR

Taking to X on December 14, Blockaid said attackers successfully injected a “wallet-draining payload” into the NPM package. Once the payload propagated, attackers hijacked the front end of multiple apps, including Sushi, Hey, and Zapper, crippling operations and reportedly making away with hundreds of thousands of dollars worth of assets.

The attack wasn’t targeting any dapp or blockchain like Solana or Ethereum, for example. Instead, hackers wanted to exploit all protocols whose users, in one way or another, used the LedgerConnect kit to manage or transfer assets.

To understand how the hack was executed, hackers expressly targeted Ledger’s NPM. The connector is crucial in how typically off-chain Ledger wallet clients can securely connect and manage their assets online. While providing a means of accessing wallets, NPM is also an interface. Through this portal, developers can integrate Ledger hardware wallets into apps. In this case, Ledger users can securely engage in non-fungible tokens (NFTs), decentralized finance (DeFi), and other activities.
Since this attack aimed to exploit a critical Ledger infrastructure that could impact all protocols regardless of blockchain, analysts now say these agents successfully executed a “supply chain attack.” In supply chain attacks on DeFi protocols, hackers can target a trusted service provider, mostly a wallet provider or exchange, to steal funds.

LEDGER RESPONDS, OVER $480,000 STOLEN

Wintermute’s Head of Research, Igor Igamberdiev, reported that a script infected with malware was uploaded to Ledger’s NPM register at 9:44 am UTC. However, Ledger has since responded, saying they deleted the malicious file and replaced it with a genuine version roughly four hours after the script was uploaded at around 1:35 pm UTC.

Ledger has also reminded users to be keen before signing off on their transactions, emphasizing that all addresses and information displayed on their interface are the “only reliable sources of information.” Earlier, the hardware manufacturer assured clients that their devices were not compromised.

Despite these assurances, Lookonchain, a blockchain analytics platform, said over $480,000 worth of assets were stolen before Ledger patched the error. To further reinforce ZachXBT’s statement, Paolo Ardoino, the CEO of Tether, the USDT issuer, took to X, saying the platform had blocked the Ledger Exploiter’s address.
All posts are syndicated from around the internet except otherwise stated on title and in the navigation link to all articles authored by BitlyFool. 3 crypto sites contribute to all other posts on this blog. cryptodaily.co.uk crypto.news and blog.ethereum.org, please take up any legal matters with them as the posts are syndicated through rss and we have no affiliation with them. Copyright 2023 BitlyFool.com, All rights reserved.