Tether freezes wallet of Ledger library exploiter; Ledger provides more details

Quick Take

  • Tether froze an address with funds stolen by the Ledger code library exploiter.
  • Ledger said its former employee was compromised in a phishing attack.

Tether, the company behind the USDT stablecoin, froze the address of an attacker who drained funds from several protocols, Tether CTO Paolo Ardoino wrote on X on Wednesday.

The address received around $483,000 of various assets, according to wallet analytics site DeBank, including $44,000 in USDT. The wallet also interacted with the AngelDrainer phishing group and sent 4.334 ETH to its wallets.

Because Tether froze the wallet, it can no longer transfer the USDT it holds to other addresses. The wallet can still make transactions in other assets.

Researchers earlier reported that the Ledger ConnectKit library, a code package maintained by the hardware wallet provider Ledger, was compromised and injected with malicious code that drained victims' wallets. As a result, the front-ends of various DeFi protocols that load the library became vulnerable.

Kyber and RevokeCash disabled their front-ends, and SushiSwap CTO Matthew Lilley warned users not to interact with any dapps at all on Wednesday morning.


A patch is out

Ledger wrote on X that the company has already issued a patch, available as Ledger Connect Kit version 1.1.8. The company said a former employee fell victim to a phishing attack, which gave the attacker access to that employee's account and the ability to publish new code.

"The attacker published a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7). The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet," the Ledger team wrote, adding that the company was alerted to the incident and deployed a fix within 40 minutes.
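A practical follow-up for anyone maintaining a dapp front-end is to check whether a build pulled in one of the three versions the article names. The script below is an added example written for this page, not code from Ledger or from The Block: it walks the `packages` map of an npm `package-lock.json` (lockfile version 2 or 3) and classifies every copy of the Connect Kit it finds against the article's version list. The npm package name `@ledgerhq/connect-kit` is an assumption made here, and the lockfile contents are constructed sample data.

```javascript
// Added example: audit an npm lockfile for the Ledger Connect Kit versions the
// article reports as malicious (1.1.5, 1.1.6, 1.1.7) versus the patched 1.1.8.
// Assumption: the library is published on npm as "@ledgerhq/connect-kit".

const PACKAGE_NAME = "@ledgerhq/connect-kit";        // assumed npm package name
const MALICIOUS_VERSIONS = ["1.1.5", "1.1.6", "1.1.7"]; // versions named in the article
const PATCHED_VERSION = "1.1.8";                        // fix version named in the article

// Constructed sample package-lock.json (lockfileVersion 3 layout). One copy of
// the library is a direct dependency on a malicious version; a second, nested
// copy pulled in by another package is already on the patched release.
const SAMPLE_LOCK = {
  name: "example-dapp",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp", dependencies: { [PACKAGE_NAME]: "^1.1.5" } },
    "node_modules/@ledgerhq/connect-kit": { version: "1.1.6" },
    "node_modules/some-wallet-ui": { version: "2.0.0" },
    "node_modules/some-wallet-ui/node_modules/@ledgerhq/connect-kit": { version: "1.1.8" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

// Numeric dotted-version comparison: returns -1, 0 or 1. Pre-release tags are
// ignored, which is sufficient for the plain x.y.z versions compared here.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Classify one installed version against the article's lists.
function classify(version) {
  if (MALICIOUS_VERSIONS.includes(version)) return "malicious";
  if (compareVersions(version, PATCHED_VERSION) >= 0) return "patched";
  return "not-in-named-range"; // older than 1.1.5: not named as malicious, not the fix either
}

// Find every installed copy of the package (direct or nested) in the lockfile.
function findConnectKitEntries(lock, pkgName = PACKAGE_NAME) {
  const results = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isPkg = path === `node_modules/${pkgName}` || path.endsWith(`/node_modules/${pkgName}`);
    if (!isPkg || !meta.version) continue;
    results.push({ path, version: meta.version, status: classify(meta.version) });
  }
  return results;
}

// True if any copy anywhere in the tree is one of the malicious versions.
function hasMaliciousConnectKit(lock) {
  return findConnectKitEntries(lock).some((e) => e.status === "malicious");
}

// Stand-alone run over the constructed lockfile.
for (const entry of findConnectKitEntries(SAMPLE_LOCK)) {
  console.log(`${entry.status.padEnd(18)} ${entry.version.padEnd(7)} ${entry.path}`);
}
console.log(hasMaliciousConnectKit(SAMPLE_LOCK) ? "ACTION: rebuild on >= 1.1.8" : "OK");
```

The nested-copy case matters: `npm ls` style dedupe can leave one patched and one malicious copy side by side, so the scan looks at every path ending in the package name, not only the top-level entry. A lockfile check only covers code installed at build time; a library a page loads from a CDN at runtime never appears in the lockfile, and that path has to be reviewed separately.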

"The malicious file was live for around 5 hours; however, we believe the window where funds were drained was limited to a period of less than two hours," Ledger wrote, thanking the WalletConnect service, Tether, blockchain analytics firm Chainalysis and on-chain sleuth ZachXBT for their help.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Anna is a senior policy reporter at The Block. She has a background in political journalism and covered Russian civil society for a range of news outlets in Moscow, including the award-winning newspaper Novaya Gazeta. Before joining The Block, Anna spent the past five years investigating cryptocurrency policies and adoption around the world at CoinDesk. Anna owns bitcoin and a gift NFT of sentimental value.
