Hackeos series analysis by Ledger's vulnerability

avatar

Image generated with Playground and edited by me in Photoshop

Hello friends, today I come with something different, I want to share with you a concern that I have and that many often ignore. Recently, a series of hacks have occurred in several decentralized applications (DApps) on the Ethereum blockchain, and as always, everything was caused by human "carelessness." I am going to briefly tell you the things that occurred, and then I will reflect on why this occurs even with all the alerts and news that come out daily on these cybersecurity issues.

Recently, a hacker had the "brilliant" (it must be recognized that even if it is a criminal act) idea of modifying a Ledger application used by several Ethereum ecosystem DApps. But how could they do this? Do they not have security measures to prevent this? If there are, but as always, human error can break millions of dollars spent on security.

The hacker orchestrated a scheme to deceive a "former employee" of Ledger through phishing techniques and compromise his computer to obtain access keys. These keys allowed the hacker to enter the GitHub repository used by Ledger to distribute connection updates that DApps use. Once access was gained, the hacker modified the original update, including an exploit (computer virus). The DApps, detecting a new update in the repository, were automatically updated, carrying the virus to the platforms and infecting all users who interacted with them. The hacker managed to extract several hundred thousand dollars from these applications, using users to sign malicious transactions. In a short time, the problem was detected and solved immediately, but the damage was already done, and unfortunately, they couldn't prevent major consequences.

Ledger treated the incident as an isolated case and claimed to have already resolved it. They announced plans to take a series of measures to enhance security and stated that they are working with judicial authorities to apprehend the criminal and bring them to justice to answer for their actions.

The truth is that these types of hacks are happening more and more, where hackers exploit vulnerabilities in protocols, smart contracts, or due to human errors. The attacks are becoming more sophisticated every year. With the growth of artificial intelligence (AI) in all fields, cybercriminals take advantage of this to conduct more sophisticated attacks in less time.

There is not enough awareness about cybersecurity, and we navigate online by clicking on any link or opening any unknown email out of curiosity. Others chase after large rewards that seem impossible at first glance and still believe in them. Many think that having an antivirus makes them safe or that using a certain operating system means they cannot be infected with malware.

You have to study a lot to understand how all these systems and protocols work to be prepared and not fall into the traps of criminals. Understanding how they operate can help you detect an attack in time and avoid becoming a victim of it. Distrusting everything, not opening unknown links or suspicious emails, checking URLs thoroughly on the pages we visit, and considering a series of measures can save you from becoming one more victim.

From here, I invite you to delve into and study a lot about cybersecurity because in this increasingly connected and internet-dependent world, knowing how to defend oneself is crucial to keeping our data and funds safe. Never trust blindly because you could be the next victim.

References:

Original text created in Spanish and translated and formatted with Hive Translator by @noakmilo.

Hardware used
💻 Dell Vostro-3500

Social Media
twitter | telegram | hive

Posted Using InLeo Alpha



0
0
0.000
0 comments