Tether freezes wallet of Ledger library exploiter; Ledger provides more details

Tether, the company behind the USDT

-0.03%
stablecoin, froze the address of an attacker who had extracted funds from various protocols, Tether CTO Paolo Ardoino wrote at X on Wednesday.

The address received according to. approximately $483,000 in various assets wallet analysis site DeBank, including $44,000 in USDT. The wallet also interacted with the phishing group AngelDrainer and sent 4,334 ETH to its wallets.

Tether freezing the wallet means that USDT can no longer be sent in the wallet to other addresses. The wallet can still perform other transactions.

Researchers previously reported that the Ledger ConnectKit library, a code repository used by hardware wallet vendor Ledger, was hacked and injected with a malicious code that emptied victims’ wallets. As a result, front-ends of several DeFi protocols became vulnerable.

Kyber and RevokeCash have shut down their front-ends and Sushi Swap CTO Matthew Lilley warned users are not allowed to interact with dapps at all on Wednesday mornings.

A patch is out

General ledger wrote on X that the company has already released a patch that is now available in the Ledger Connect Kit version 1.1.8. The company said its former employee fell victim to a phishing attack, allowing the attacker to gain access to his account and add new code.

“The attacker published a malicious version of the Ledger Connect Kit (covering versions 1.1.5, 1.1.6 and 1.1.7). The malicious code used a rogue WalletConnect project to redirect funds to a hacker wallet,” wrote the ledger team. , adding that the company was notified of the incident and implemented a fix within 40 minutes.

“The malicious file was active for approximately five hours, but we believe the time during which the funds were siphoned was limited to a period of less than two hours,” Ledger wrote, citing WalletConnect service, Tether, blockchain analytics firm Chainalysis and on-chain-sleuth thanked. ZachXBT for help.