
Ledger’s Sloppy Supply Chain Hack Takes DeFi Sector Hostage

Last week saw Ledger, the world’s biggest crypto hardware wallet manufacturer, fall victim to a targeted, high-profile supply chain attack that drained hundreds of thousands of dollars in cryptocurrencies from users’ wallets.

However, experts believe that the hack could have been truly catastrophic had it gone undetected for longer: it could have siphoned off tens of millions in users’ funds and contaminated the entire DeFi ecosystem in the process. Ledger’s popularity as a cold wallet and its self-reported 1.5 million customers made it an attractive target, and it and other leading USB-format cold wallets like Trezor are often in the crosshairs of bad actors for this reason. Alarmingly, the breach was first spotted by a third-party firm, not Ledger, which points to a potentially serious lapse in Ledger’s security monitoring.

The French wallet maker’s latest kerfuffle comes after previous slip-ups such as 2021’s database phishing hack and 2023’s seed recovery service controversy. This time it involved the compromise of Ledger’s widely used Connect Kit JavaScript library, leading to the theft of an estimated $700,000 in digital assets from wallets that connected to services through Connect Kit.

The hack’s sneaky attack vector and capacity to annihilate the entire DeFi industry raise several serious security considerations for all crypto users and service providers, which we discuss later in this article.

How the Ledger Supply Chain Attack Occurred

The Ledger Connect Kit hack was a new iteration of a classic “supply-chain attack,” a category that gained notoriety with the SolarWinds hack. Such attacks compromise behind-the-scenes infrastructure software and can cause significant damage to crypto users.

  • An attacker phished the account of a former Ledger employee to gain access to Ledger’s Connect Kit software.
  • They then injected malicious “drainer” code into Ledger’s software component, designed to siphon off digital assets from wallets connected through Connect Kit.
  • The code redirected user funds to the hacker’s own wallet during transactions with dApps that interacted with the infected software.
  • The malicious code snatched crypto from wallets connected to services through Connect Kit for a few hours before it was patched.
  • Before the issue was patched, the entire web3 ecosystem was at risk. The compromised file was active for only five hours, and for two of those hours it was actively draining funds.

Other wallet makers like CoolWallet quickly alerted DeFi users to the crisis, with its technical director Wesley Wen warning users not to connect with any dApps due to the compromised software.

Impact on Decentralized Finance (DeFi) Protocols

The impact of the vulnerability extended beyond Ledger, affecting other protocols in the decentralized finance (DeFi) space, such as SushiSwap, Kyber, Revoke.cash, and Zapper. Kyber and Revoke.cash took immediate action, deactivating their respective front ends to prevent further exploitation.

SushiSwap CTO Matthew Lilley warned dApp users not to interact with any applications until the situation was resolved.

Ledger Hack: Crypto Security Lessons To Heed For Industry and Users

As David Schwed explains in Fortune, what’s particularly alarming about this incident is that the damage to crypto users wasn’t as catastrophic as it could have been, but the implications for Ledger were severe. The company, known for its strong security, faced a crisis that was entirely preventable. To prevent such internal process failures, crypto projects need to reorient their security standards around more robust security reviews and best practices.

Proper code management

The root of the problem lies in process failures and gaps in security practices, issues that are unfortunately common in the crypto and blockchain world. Many projects in this space have security measures that are either immature or underfunded, focusing too narrowly on finding code vulnerabilities. However, the Ledger hack wasn’t about a flaw in the code itself; it was about how the code was managed and updated.

Employee access control

The initial breach stemmed from a phishing attack targeting a former Ledger employee’s accounts. This raises questions about the need for better anti-phishing training and practices. More concerning was that the former employee still had access to Ledger’s code on a third-party service. This is a glaring oversight in access control.

But the most critical failure was the automatic updating of the Connect Kit code from a live database without any human review. This practice created a significant vulnerability, as there was no check to ensure that the changes were legitimate and not malicious.

Holistic auditing

This incident highlighted the limitations of security audits that focus only on code, instead of covering all the bases. A more comprehensive approach is needed, one that assesses the entire development lifecycle. This includes internal security measures, phishing prevention, and change-management processes.


User Responsibility

As in any industry, the customer ultimately determines the level of quality they are willing to accept by voting with their purchases. Crypto users can keep wallet makers on their toes by choosing reputable wallet providers with stellar track records and industry-best standards. This includes implementing strong authentication methods, regularly updating software and firmware, and following best practices for backup storage and recovery.

Conclusion

The Ledger hack should serve as a wake-up call for the entire crypto industry. It shows that crypto isn’t inherently insecure, but there’s a pressing need for more rigorous and standardized security practices. 

By learning from this incident and implementing best practices, crypto wallet users can better protect their digital assets and avoid similar security breaches in the future.

As the industry matures, companies that invest in robust security measures will stand out for their trustworthiness and longevity. Those who don’t risk being left behind due to avoidable failures. 

Crypto users looking to diversify their risk should check out CoolWallet Pro, a pioneering, battle-tested hardware wallet with a reputable track record that has been in existence as long as Ledger has (since 2014). Its maker CoolBitX celebrates an unblemished 10-year anniversary next year.

With an EAL6+ secure element, biometric verification, encrypted military-grade Bluetooth and a tamperproof, waterproof, wafer-thin design, this elite and convenient hardware wallet lets you access Web3 and your digital assets anywhere, anytime with absolute discretion.

Learn more about CoolWallet Pro (for DeFi power users), CoolWallet S (for HODLers) and its CoolWallet App, which features SafeScan, an integrated real-time Web3 transaction and dapp scanner to detect and thwart phishing threats, at the links below:

CoolWallet Pro: https://www.coolwallet.io/product/coolwallet-pro/
CoolWallet S: https://www.coolwallet.io/product/coolwallet/
CoolWallet App: https://www.coolwallet.io/coolwallet-app/


© 2024 - CoolWallet - All Rights Reserved.