Ledger CEO talks about the Connect hack

Pascal Gauthier LedgerPascal Gauthier Ledger

Pascal Gauthier CEO of Ledger – Credit: Ledger

Pascal Gauthier has given more than details on the hack from Ledger Connect. The CEO wants to improve practices from safety and help visit victims to recover stolen cryptocurrencies.

In a letter shared on X a few hours after the attack affecting the Ledger Connect kit – a Javascript library that implements a button allowing users to connect their Ledger device to third-party DApps -, Pascal Gauthier returned to the incident.

The crypto-physical wallet maker’s boss explained that a malicious actor had managed to upload a file to Ledger’s NPMJS after successfully performing a phishing attack on a former employee. In detail, Ledger’s NPMJS is a package manager for Javascript code shared between applications.

Thanks to this operation, the hacker was able to steal crypto from Ledger customer wallets when customers connected their devices to third-party decentralized applications such as Sushiswap.

We worked quickly, alongside our partner WalletConnect, to remediate the exploit, updating NPMJS to remove and disable the malicious code within 40 minutes of its discovery,” Pascal Gauthier reported.

The executive went on to say that the attack was an “unfortunate isolated incident”, promising to reinforce security practices within the company.

Read:  Circle appoints CFTC alumnus as General Counsel

“This reminds us that security is not static and that Ledger must continually improve our security systems and processes. In this area, Ledger will implement stricter security controls, connecting our build pipeline that implements strict software supply chain security to the NPM distribution channel,” the letter reads.

While the total loss is still unknown today, Pascal Gauthier said Ledger would help affected users “find this bad actor, bring him to justice, track funds and work with law enforcement to recover stolen assets from the hacker”.

As reported yesterday, according to Lookonchain, the hacker has succeeded to steal more than 4,300 ethers, but his address was frozen by the Tether sender.

The image of the world’s leading crypto hardware wallet is taking a serious hit with this latest incident. The theft of its customer database had already damaged its image in 2020.

To keep abreast of the latest Crypto and Web3 news, click here. Coins.fr on TwitterLinkedin, Google, Facebook and Telegram

The Best Online Bookmakers February 24 2024

BetMGM Casino

Bonus

$1,000