Tether Freezes Attacker’s Wallet in Ledger Library Exploit

Tether has effectively immobilized significant funds linked to a recent cyberattack on Ledger’s code library. This decisive move underscores the ongoing battle against cybercriminals in the blockchain space. Tether’s Chief Technology Officer, Paolo Ardoino, announced the freezing of an attacker’s address that siphoned approximately $483,000 from various protocols, as per data from DeBank.

Details of the Compromised Assets

Among the stolen assets were $44,000 in USDT, Tether’s stablecoin. Tether has barred any further USDT transactions from this address by freezing the wallet, though other digital asset transactions remain possible. Notably, the attacker’s wallet interacted with the notorious AngelDrainer phishing group, including a transaction involving 4.334 ETH.

Ledger’s Vulnerability and Response

Ledger, a leading hardware wallet provider, suffered a significant setback when its Ledger ConnectKit library, a critical code repository, was compromised. The breach, which originated from a phishing attack on a former Ledger employee, resulted in the injection of malicious code. 

Consequently, the front-ends of several decentralized finance (DeFi) protocols were left exposed to potential exploits. In response, DeFi platforms such as Kyber and RevokeCash temporarily disabled their front-ends, while Sushi Swap’s CTO Matthew Lilley advised users to avoid all dapp interactions.

Prompt Mitigation and Collaboration

Ledger has since released an update, Ledger Connect Kit version 1.1.8, to address the security flaw. The malicious version affected versions 1.1.5 to 1.1.7, utilizing a rogue WalletConnect project to redirect funds to the hacker’s wallet. Ledger’s team deployed a fix within 40 minutes of being alerted, effectively limiting the malicious file’s active period to about 5 hours. The window for fund drainage was even narrower, lasting less than two hours.

Ledger’s swift action, combined with the support from WalletConnect service, Tether, Chainalysis, and on-chain investigator ZachXBT, exemplifies the strength of collaboration in the crypto community. Such partnerships are crucial in tackling the sophisticated threats that increasingly target the world of digital assets.

Read Also: Cardano Users Warned Against Fake ADA Rewards Scam

✓ Share:

Kelvin is a distinguished writer specializing in crypto and finance, backed by a Bachelor’s in Actuarial Science. Recognized for incisive analysis and insightful content, he has an adept command of English and excels at thorough research and timely delivery.

The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.