Ledger claims that the funds were drained in less than two hours, after which it came on top of the situation.
Crypto wallet firm Ledger had a dark Thursday after hackers placed malicious code into the GitHub library for Connect Kit. However, it was not the only victim of the attack. While Ledger reportedly lost at least $484,000 in the hack, many other decentralized finance (DeFi) protocols that also use the library may have been affected as well.
Connect Kit, which is maintained by Ledger, is a widely used software among DeFi protocols. It is a piece of code that protocols such as Coinbase, MetaMask, Sushi, and even Lido use to connect to crypto hardware wallets. So, it is very likely that the latest hack may have impacted the front-ends of all such protocols as the ones mentioned above, which use Connect Kit.
In the wake of Ledger’s exploit, users have also been cautioned to steer clear of using decentralized apps (dApps). That is until the protocols update their codes.
Ledger Identifies Threat, Updates Its Code
Confirming the incident, Ledger gave a detailed account of how the hack happened in a Thursday X post. The firm said an employee was initially targeted in a phishing attack. The hackers then went on to introduce the malicious version of the Ledger Connect Kit, the post said.
Ledger claims that the funds were drained in less than two hours, after which it came on top of the situation. Ledger has now moved to resolve the issue by updating its own code.
Meanwhile, it may not be the same story for other protocols. According to Ido Ben-Natan, the CEO of blockchain security firm Blockaid, “many websites are still affected and users are getting hit.”
Blockaid suggests that it would take efforts from individual protocols to completely put out the risk. That is, every protocol using Ledger’s Connect Kit must carry out manual updates on their library version. For now, Ben-Natan has identified revoke.cash as a high-risk protocol and has warned users against interacting with it. About the protocol, he wrote partly:
“The number of impacted funds is hundreds of thousands of dollars over the past two hours.”
DeFi Hacks on the Rise
The DeFi space continues to be greeted with various security issues. From phishing attacks to bridging hacks to SIM swaps, the attacks have been more frequent throughout this year.
For perspective, over $303 million was stolen in July alone as Curve Finance and Multichain fell victim to these exploits. More recently, Coinspeaker also reported about Mixin Network being hacked for another $200 million.
It must also be mentioned that the growing DeFi hacks are a reflection of the general state of the crypto industry. That is as it relates to hacks and scams. A Q3 report from Immunefi claims that crypto has suffered a 153% year-on-year increase in hacks and scams. That means that between July to September 2023, there was a 153% increase in such incidents as opposed to the same period in 2022.