Ledger

The Ledger Connect Kit software of the Paris-based business was compromised by a phishing attempt targeting a former worker.

During transactions using decentralised applications, or dapps, that utilised the compromised software, the hacker released malicious code that routed user funds to their own wallet.

Source: https://www.databreaches.net/crypto-wallet-maker-ledger-to-reimburse-hack-victims/

TPRM report: https://scoringcyber.rankiteo.com/company/ledgerhq

"id": "led743221223",
"linkid": "ledgerhq",
"type": "Breach",
"date": "12/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Technology',
                        'location': 'Paris',
                        'name': 'Ledger',
                        'type': 'Business'}],
 'attack_vector': 'Phishing',
 'description': 'The Ledger Connect Kit software of the Paris-based business '
                'was compromised by a phishing attempt targeting a former '
                'worker. During transactions using decentralised applications, '
                'or dapps, that utilised the compromised software, the hacker '
                'released malicious code that routed user funds to their own '
                'wallet.',
 'impact': {'systems_affected': ['Ledger Connect Kit Software']},
 'initial_access_broker': {'entry_point': 'Phishing email targeting former '
                                          'worker'},
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Phishing attack on former worker'},
 'threat_actor': 'Unknown hacker',
 'title': 'Phishing Attack on Ledger Connect Kit Software',
 'type': 'Phishing Attack',
 'vulnerability_exploited': 'Compromised software via phishing'}

Ledger

Intelligence and Security Committee (ISC)

Meta

Gladney Centre for Adoption