Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack>
Sonatype Blog – lkka Turunen
The key details are:
– Ledger discovered malicious code in versions 1\)1\)5 to 1\)1\)7 of its open source package @ledgerhq/connect-kit, affecting over 20,000 dependent repos.
– An employee’s phishing led to attackers gaining access to Ledger’s npm account to publish the compromised packages.
– Version 1\)1\)7 directly embedded a crypto drainer malware, while 1\)1\)5-1\)1\)6 downloaded a secondary drainer package.
– The drainer presented a fake modal to steal funds from connected wallets, draining over $600K in hours.
– Ledger released a clean 1\)1\)8 version and recommends reinstalling affected packages to mitigate the issue.
– This underscores the growing threat of software supply chain attacks targeting open source, and criminals’ evolving tactics to quickly monetize malware.
– Regular audits, monitoring, and updates are needed to counter such stealthy attacks on development ecosystems.
In summary, the incident demonstrates how attackers compromised an open source package used widely to embed crypto-stealing malware, affecting many projects through supply chain infiltration.
Link: https://blog.sonatype.com/decrypting-the-ledger-connect-kit-compromise-a-deep-dive-into-the-crypto-drainer-attack