ChainCatcher message, the Slow Mist Security Team conducted an in-depth analysis of the Ledger Connect Kit supply chain attack incident and found that this attack was initiated by the notorious Angel Drainer phishing gang. The Angel Drainer phishing gang uses smart contracts to manage the access domain names of malicious JS files. In order to minimize asset losses for Web3 users due to phishing attacks, the Slow Mist Security Team, in collaboration with the Scam Sniffer team, identified thousands of phishing websites through a series of characteristics of the Angel Drainer phishing gang and reported these phishing websites to eth-phishing-detect, hoping to maintain the ecological safety of the Web3 industry with the power of the community.Currently, the Slow Mist Security Team has submitted the discovered phishing websites to eth-phishing-detect: https://github.com/MetaMask/eth-phishing-detect/pull/14528.At the same time, the Slow Mist Security Team used the Dune tool to create a data dashboard to assist the community in viewing the domain names of malicious JS: https://dune.com/misttrack/angel-drainer, so that users can view and protect their assets.

ChainCatcher message, Ledger stated on social media that the official Ledger Connect Kit version 1.1.8 has now been pushed. Ledger and WalletConnect confirmed that the malicious code has been disabled. Users can safely use the Ledger Connect Kit, but it is recommended that users wait 24 hours and clear their browser cache.Previously, hackers exploited a vulnerability in the Ledger Connect Kit to steal approximately $484,000 in assets.Slow Mist founder Yu Sen emphasized that the Ledger wallet itself was not affected; the affected parties are some DApps that rely on the Ledger module.

ChainCatcher message, SlowMist Security Threat Intelligence discovered that @ledgerhq/connect-kit has suffered a supply chain attack, where the attacker implanted malicious JS code in versions of @ledgerhq/connect-kit >1.1.4 to launch phishing attacks against cryptocurrency users. Dapps using @ledgerhq/connect-kit version >1.1.4 are all affected, please check if the following affected versions are used in your code.Affected version range:@ledgerhq/connect-kit 1.1.5 (the attacker left a message in the code)@ledgerhq/connect-kit 1.1.6 (the attacker left a message in the code and implanted malicious JS code)@ledgerhq/connect-kit 1.1.7 (the attacker left a message in the code and implanted malicious JS code)The SlowMist Security Team recommends exercising caution when interacting with DApps until an official fix is clearly provided.