Tether Freezes Ledger Exploiter Loot in Wild 24 Hours for DeFi

• Tether has frozen USDT belonging to the Ledger exploiter.
• The exploiter made off with an estimated $600k in crypto assets.
• The hack has been linked to a former Ledger employee.

Over the past 24 hours, a hacker spread panic across the entire DeFi ecosystem by hacking Ledger’s Connect Kit library to mount a large-scale wallet-draining exploit across multiple decentralized applications. However, this hacker’s reign of terror proved fleeting, as Ledger quickly responded with a fix. In addition to this, part of the hacker’s loot has now been frozen by Tether as investigations enter high gear.

Ledger Exploiter Loot Frozen

In an X post hours after the Ledger exploit on Thursday, December 14, Tether CEO Paolo Ardoino revealed that the firm had frozen the USDT of the hacker.

The development comes as investigations into the attack and efforts to recover the estimated $600k in losses enter high gear. 

Per analysis of Arkham Intelligence data at the time of writing, the drainer address shared by Ledger now holds only about $274k, as the hacker has made efforts to spread the loot over the past 24 hours. The current balance includes 44k USDT, which Tether has now frozen. 

The Ledger Hack Unraveled

In a final update to customers and crypto community members at about 3:49 pm UTC on Thursday, December 14, Ledger explained that the hacker had gained access to Ledger’s internal systems by duping a former employee via a phishing attack.

After gaining access to Ledger’s systems, the hacker infused malicious software into the firm’s Connect Kit, which was integrated with multiple DApps to allow users to facilitate transactions from their Ledger hardware wallet. With this malware in place, the hacker was able to compromise the front end of several DApps, including SushiSwap, Zapper, and Revoke.Cash prompts unsuspecting users to connect their wallet to a drainer.

Ledger noted that the malware was up for approximately five hours, with most of the hacker’s loot obtained within the first two, likely due to prompt warnings from several influential crypto community members, including Sushi CTO Matthew Lilley.

While Ledger quickly released a fix, the firm cautioned users to wait 24 hours before using DApps that use the Connect Kit as developers may take different timelines to implement necessary changes.

The hardware wallet service provider has contacted Chainalysis for help hunting down the perpetrator and recovering user funds.

On the Flipside

• The freezing of the Ledger exploiter’s USDT sparked renewed Tether centralization concerns within the crypto community.
• The amount frozen by Tether represents a small fraction of the exploiter’s total loot.
• Despite Ledger’s assurances, several crypto community members remain skeptical about using dApps that support the Connect Kit.

Why This Matters 

Tether’s action highlights that progress is being made to recoup user funds, bringing hope to victims of the recent exploit.

Read this to learn more about the Ledger hack:
Sushi CTO Warns Ledger Connector Exploited: How to Stay Safe

Find out how Polygon benefits from CCTP support:
Here’s How Polygon Benefits from Circle (USDC) CCTP Support