Ledger ex-staff phished in library compromise
The hard wallet maker said a former employee fell victim to a phishing scam, which allowed a hacker to access the library and steal $480,000 in crypto. Ledger’s chairman and CEO, Pascal Gauthier, attested to an exploit on Ledger Connect Kit, a Javascript library to connect Web sites to wallets on several defi platforms. Gauthier’s letter said the incident was isolated to third-party applications and stressed that Ledger’s hard wallet products remained unaffected. The standard practice at Ledger is that no single person can deploy code without review by multiple parties. We have strong access controls, internal reviews, and multi-signature code when it comes to most parts of our development. This is the case in 99% of our internal systems. Any employee who leaves the company has their access revoked from every Ledger system. Pascal Gauthier, chairman and CEO, Ledger However, Gauthier confirmed that an ex -staff was hacked by a phishing scammer who then used compromised acc...