Crypto hardware wallet provider Ledger was the target of a sophisticated hacking incident, which led to the theft of approximately $484,000 in assets. It was linked to a former Ledger employee who fell victim to a phishing attack.
The incident unfolded when the former employee's NPMJS account was compromised, allowing the attacker to publish malicious versions of the Ledger Connect Kit.
This compromised software utilized a rogue WalletConnect project to divert funds to a hacker-controlled wallet.
The malicious code was active for around five hours, but Ledger's technology and security teams responded, deploying a fix within 40 minutes of becoming aware of the breach, ...