Tool used in Ledger hack altered file domains since November

Since late November, Angel Drainer, the tool used in the Ledger hack, has been leveraging a smart contract to modify static file domains.

Angel Drainer, in essence, is a type of malicious software, or malware, that specializes in draining cryptocurrency assets from wallets. Etherscan data shows that the tool has been used since last month to update five static file domains to redirect users to compromised versions of software or web pages, thereby enabling unauthorized access to their crypto assets

Yesterday’s Ledger Connect Kit hack led to a loss of approximately $484,000 to over $600,000. The malicious file remained active for approximately five hours, although the window for fund drainage was less than two hours. Ledger pushed out a genuine software update shortly after to replace the malicious file and has been actively engaging with affected customers.

The use of Angel Drainer in this manner underscores the growing sophistication of cyberattacks targeting the crypto wallet providers