CryptoMediaClub
Sunday, July 6, 2025
  • All news
  • Bitcoin
  • Ethereum
  • Altcoins
  • NFT
  • Blockchain
  • Analysis
No Result
View All Result
  • All news
  • Bitcoin
  • Ethereum
  • Altcoins
  • NFT
  • Blockchain
  • Analysis
No Result
View All Result
CryptoMediaClub
No Result
View All Result
Home All news

How the Ledger Connect hacker tricked users into making malicious approvals

15.12.2023
A A
0
121
VIEWS
ShareShare

The Ledger hacker who siphoned away at least $484,000 from multiple Web3 apps on Dec. 14 did so by tricking users into making malicious token approvals, according to the team behind blockchain security platform Cyvers.

According to public statements made by multiple parties involved, the hack occurred on the morning of Dec. 14. The attacker used a phishing exploit to compromise the computer of a former Ledger employee, gaining access to the employee’s node package manager JavaScript (NPMJS) account.

Once they gained access, they uploaded a malicious update to Ledger Connect’s GitHub repo. Ledger Connect is a commonly used package for Web3 applications.

Some Web3 apps upgraded to the new version, causing their apps to distribute the malicious code to users’ browsers. Web3 apps Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were infected with the code.

As a result, the attacker was able to siphon away at least $484,000 from users of these apps. Other apps may be affected as well, and experts have warned that the vulnerability may affect the entire Ethereum Virtual Machine (EVM) ecosystem.

How it could have happened

Speaking to Cointelegraph, Cyvers CEO Deddy Lavid, chief technology officer Meir Dolev and blockchain analyst Hakal Unal shed further light on how the attack may have occurred.

According to them, the attacker likely used malicious code to display confusing transaction data in the user’s wallet, leading the user to approve transactions they didn’t intend to.

When developers create Web3 apps, they use open-source “connect kits” to allow their apps to connect with users’ wallets, Dolev stated. These kits are stock pieces of code that can be installed in multiple apps, allowing them to handle the connection process without needing to spend time writing code. Ledger’s Connect Kit is one of the options available to handle this task.

When a developer first writes their app, they usually install a connect kit through a node package manager. After creating a build and uploading it to their site, their app will contain the connect kit as part of its code, which will then be downloaded into the user’s browser whenever the user visits the site.

According to the Cyvers team, the malicious code inserted into the Ledger Connect Kit likely allowed the attacker to alter the transactions being pushed to the user’s wallet. For example, as part of the process of using an app, a user often needs to issue approvals to token contracts, allowing the app to spend tokens out of the user’s wallet.

The malicious code may have caused the user’s wallet to display a token approval confirmation request, but with the attacker’s address listed instead of the app’s address. Or, it may have caused a wallet confirmation to appear that would consist of difficult-to-interpret code, causing the user to confusedly push “confirm” without understanding what they were agreeing to.

An example of a Web3 token approval. Source: MetaMask

Blockchain data shows that the victims of the attack gave very large token approvals to the malicious contract. For example, the attacker drained over $10,000 from the Ethereum address 0xAE49C1ad3cf1654C1B22a6Ee38dD5Bc4ae08fEF7 in one transaction. The log of this transaction shows that the user approved a very large amount of USD Coin (USDC) to be spent by the malicious contract.

Token approval by exploit victim. Source: Etherscan

This approval was likely performed by the user in error because of the malicious code, said the Cyvers team. They warned that avoiding this kind of attack is extremely difficult, as wallets do not always give users clear information about what they are agreeing to. One security practice that may help is to carefully evaluate each transaction confirmation message that pops up while using an app. However, this may not help if the transaction is displayed in code that is not easily readable or is confusing.

Related: ConsenSys exec on MetaMask Snaps security: ‘Consent is king’

Cyvers claimed that its platform allows businesses to check contract addresses and determine whether these addresses have been involved in security incidents. For example, the account that created the smart contracts used in this attack was detected by Cyvers as having been involved in 180 security incidents.

Cyvers’ security platform. Source: Cyvers

While Web3 tools in the future could allow attacks like these to be detected and thwarted in advance, the industry still has “a long way to go” in solving this problem, the team told Cointelegraph.

Share9Tweet6ShareSharePin2

Related Posts

Why Snaky Way’s $AKE Token Is More Than Just a Meme Coin, Presale Ongoing
All news

Why Snaky Way’s $AKE Token Is More Than Just a Meme Coin, Presale Ongoing

06.07.2025
0

Here’s the thing about meme coins: they usually start strong but fizzle out fast. Snaky Way seems to understand this...

Read moreDetails
Ripple (XRP) Holders Achieve Financial Freedom by Starting Dogecoin (DOGE) Mining Machines through Blockchain Cloud Mining

Ripple (XRP) Holders Achieve Financial Freedom by Starting Dogecoin (DOGE) Mining Machines through Blockchain Cloud Mining

06.07.2025
PEPE Whales Accumulate Amid Market Volatility: Is a 200x Rally Coming?

PEPE Whales Accumulate Amid Market Volatility: Is a 200x Rally Coming?

06.07.2025
Bitcoin Cash Futures Jump 24% as Active Addresses Hit Six-Year Low – Risk Ahead?

Bitcoin Cash Futures Jump 24% as Active Addresses Hit Six-Year Low – Risk Ahead?

06.07.2025
Bitcoin Price Prediction: Whispers of Satoshi After 80,000 BTC Move – Market Sentiment Shift?

Bitcoin Price Prediction: Whispers of Satoshi After 80,000 BTC Move – Market Sentiment Shift?

06.07.2025
Load More
Next Post
Don't get excited about Fed 'dovishness' — another rate hike is in the cards

Don't get excited about Fed 'dovishness' — another rate hike is in the cards

0 0 votes
Рейтинг статьи
Subscribe
Notify of
guest
guest
0 комментариев
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Recommended

Dogecoin Reigns Over Bitcoin, Ethereum, and Litecoin in Trading Volume

Dogecoin Reigns Over Bitcoin, Ethereum, and Litecoin in Trading Volume

2 years ago
Sunil Srivatsa, CEO of Cove Protocol, on People Losing Money to Better-Informed Traders, Approaching Mass Adoption, and Key Trading Practices | Ep. 354

Sunil Srivatsa, CEO of Cove Protocol, on People Losing Money to Better-Informed Traders, Approaching Mass Adoption, and Key Trading Practices | Ep. 354

12 months ago
Solana Price Prediction as SOL Reaches Highest Level Since December 2021 – Can SOL Overtake Ethereum?

Solana Price Prediction as SOL Reaches Highest Level Since December 2021 – Can SOL Overtake Ethereum?

1 year ago
Privateness-focused layer 2s will remodel Ethereum’s enterprise future

Privateness-focused layer 2s will remodel Ethereum’s enterprise future

5 months ago

Categories

  • All news
  • Altcoins
  • Analysis
  • Bitcoin
  • Blockchain
  • Ethereum
  • NFT
No Result
View All Result

Highlights

Bitcoin Cash Futures Jump 24% as Active Addresses Hit Six-Year Low – Risk Ahead?

Bitcoin Price Prediction: Whispers of Satoshi After 80,000 BTC Move – Market Sentiment Shift?

Abstract and K-Pop Agency Modhaus Partner to Give Fans a ‘Real Seat at the Table’

$8.6B Bitcoin Move Sparks Fears of Massive Hack: Coinbase’s Conor Grogan

XRP Price Prediction: Despite Recent Slip, Ripple’s Institutional Push Targets $10 – What to Watch

Ethereum Price Prediction: ETH Gains 4% This Week, Yet Golden Cross Flops – Is $3,000 Out of Reach?

Trending

Why Snaky Way’s $AKE Token Is More Than Just a Meme Coin, Presale Ongoing
All news

Why Snaky Way’s $AKE Token Is More Than Just a Meme Coin, Presale Ongoing

06.07.2025
0

Here’s the thing about meme coins: they usually start strong but fizzle out fast. Snaky Way seems...

Ripple (XRP) Holders Achieve Financial Freedom by Starting Dogecoin (DOGE) Mining Machines through Blockchain Cloud Mining

Ripple (XRP) Holders Achieve Financial Freedom by Starting Dogecoin (DOGE) Mining Machines through Blockchain Cloud Mining

06.07.2025
PEPE Whales Accumulate Amid Market Volatility: Is a 200x Rally Coming?

PEPE Whales Accumulate Amid Market Volatility: Is a 200x Rally Coming?

06.07.2025
Bitcoin Cash Futures Jump 24% as Active Addresses Hit Six-Year Low – Risk Ahead?

Bitcoin Cash Futures Jump 24% as Active Addresses Hit Six-Year Low – Risk Ahead?

06.07.2025
Bitcoin Price Prediction: Whispers of Satoshi After 80,000 BTC Move – Market Sentiment Shift?

Bitcoin Price Prediction: Whispers of Satoshi After 80,000 BTC Move – Market Sentiment Shift?

06.07.2025
  • All news
  • Altcoins
  • Bitcoin
  • Blockchain
  • Ethereum
  • NFT
  • Analysis
Editor: cryptomediaclub.com@gmail.com
Advertising: digestmediaholding@gmail.com

Disclaimer: Information found on CryptoMediaClub is those of writers quoted. It does not represent the opinions of CryptoMediaClub on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoMediaClub covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.

© 2023 Crypto News. All Rights Reserved

No Result
View All Result
  • All news
  • Bitcoin
  • Ethereum
  • Altcoins
  • NFT
  • Blockchain
  • Analysis

Disclaimer: Information found on CryptoMediaClub is those of writers quoted. It does not represent the opinions of CryptoMediaClub on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoMediaClub covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.

© 2023 Crypto News. All Rights Reserved

wpDiscuz