More than $500,000 worth of cryptocurrency was noted by Blockaid to have been exfiltrated across 500 to 1,000 wallets following a cyberattack against crypto asset hardware wallet manufacturer Ledger's Ledger Connect Kit software, reports BNN Bloomberg.
Such a compromise was achieved through a phishing attack against a former Ledger employee that enabled the injection of malicious code that facilitated the fund exfiltration process during decentralized app transactions over a nearly five-hour-long period, according to Ledger, which emphasized the safety of Ledger Connect Kit after disabling the injected code.
Meanwhile, Blockaid co-founder and Chief Technology Officer Raz Niv noted that the attack has also affected individuals who do not use Ledger.
"It is affecting anyone with a wallet that is connecting to a dapp that includes this piece of code," said Niv, who warned of the threat's presence in the Zapper crypto portfolio tracker and the Sushi decentralized exchange.
Persistent cyber threats against the cryptocurrency industry were also noted by Blockaid co-founder and CEO to have an adverse effect on the sector.
Thousands of organizations across the U.S. have been targeted by a new phishing campaign deploying the Bumblebee malware, which was last observed in the wild in September, according to BleepingComputer.