Morning Minute | Crypto Hack Tied to Ledger Exploit

Morning Minute | Crypto Hack Tied to Ledger Exploit

TylerD's Market Summary

Plus BONK has gone wild after being listed on Coinbase, with some major (and surprise) impacts for the Solana ecosystem.

๐Ÿšฉ Crypto Hack De-Brief

Wednesday evening crypto sentiment was euphoric.

Jerome Powell and the Federal Reserve had halted rate hikes and signaled cuts coming in 2024.

Crypto prices were surging.

Well that euphoria was quickly replaced by fear and widespread panic Thursday morning after a hack surfaced impacting Ledger.

What Happened?

Ledger's Connect Kit, a tool for linking websites to cryptocurrency wallets, was compromised yesterday morning.

Core details of the exploit:

  • The hacker was only able to steal $479,920 based on early reports
  • The cause of the exploit was a phishing attack on a former employee, which led to the unauthorized upload of malicious code to Ledger's NPMJS (a package manager for code)
  • Impact was limited to third-party DApps using the Ledger Connect Kit library, with users who interacted with sites running the exploited software were vulnerable
  • Ledger hardware itself and Ledger Live were not directly impacted (i.e. crypto funds held in Ledger wallets)

Ledger first posted about the exploit at 8:31 a.m. ET.

They shared a timeline, brief evaluation and action plan at 10:49 a.m. ET.

And then at 1:45 p.m. ET they shared a note that their updated code base within Ledger Connect Kit had been fully propagated (giving the "all clear" signal).

So the whole event lasted about 6 hours, with most of the panic coming in the first few hours when the depth of the exploit was still unknown.

Certainly the Ledger team should be applauded for their quick resolution - but was it enough?

Why It Matters

Ledger is a leader in the crypto wallet security space.

Their tagline on X is "We provide uncompromised self-custody solution for the revolution of value."

Unfortunately, that is no longer true.

And although the scope of damage in drained funds was minimal, the scope of brand impact is likely larger.

If you can't trust your cold wallet provider to keep your crypto safe - who can you trust?

Many will be looking for new cold wallet providers after this incident.

The event was also a reminder in best security practices for those who self-custody and transact in the crypto economy.

As a quick reminder, one recommended method (touted by Punk6529, widely trusted in the space) is the TAP method.

Three Address Protocol.

One Vault wallet which is "cold" and never connected to sites (only for transferring tokens in and out)

One Transaction wallet which is "warm" and only used to buy/sell from trusted exchanges and then transferred to the Vault for storage post-transaction

One Minting wallet which is "hot" and used for higher risk activities like minting, farming new protocols, etc. Anything bought should be transferred to the Transaction or Vault wallet immediately after use.

Ultimately, if this exploit leads to better user security principles being put in place across web3 - this may be a win.

But doubtful there's a way to salvage a win for Ledger. Only their competitors.

๐Ÿ“ฒ BONK Mania Leads To Solana Phone Sell-Out

Coinbase listed BONK officially on Thursday and all hell broke loose.

In a good way.

BONK rallied a full 100% on the day to a $1.8B market cap.

That's now a whopping 970% gain on the month and an insane 177x on the 2 month.

It has put the PEPE rally to shame and taken over as the hot new meme of the moment.

And there have been some incredible impacts for the Solana ecosystem.

  • SOL is up 6% on the day to $77.50 while other leaders are red
  • The Solana Saga phone sold out due to its coming with what was once $10 worth of BONK, now worth more than the $599 phone
  • Some Solana devs were given $300 worth of BONK last Christmas, now worth over $500k if held
  • Other SOL memecoins are rallying, like WIF (dogwifhat) which popped 100% on the day past a $50M marketcap 

The Solana meme explosion has (at least briefly) hurt ETH memecoin trading volume and interest.

The action is on Solana now.

Cheers to all the BONK holders out there who are definitely having a Merry Christmas!

๐Ÿšš What else is happening in NFTs?

Here is the list of other notable headlines from the day in NFTs:

  • ETH trading volume fell to $20.5M on Thursday, while NFT leaders mostly saw red down 2-5%
  • Overworld Incarna minted out overnight at 0.15 ETH and quickly soared to a 1.5 ETH floor, leading volume on ETH
  • Bitcoin led all chains in volume with $64M as BRC-20s took 7 of the top 10 spots on the NFT leaderboard and 15 of the top 20
  • Solana NFT volume topped ETH $24M to $14.6M with CryptoSlam's wash-adjusted metrics; SOL NFT leaders mostly chopped on the day
  • Yuga Labs dropped a new trailer for Legends of the Mara called "Catalysis" teasing highlights of the game's next chapter
  • Parallel Avatars jumped 29% to 1.15 ETH as $PRIME rallied; Pixelmon jumped 18% to 2.19 ETH as its token drop draws closer
  • NBA Top Shot introduced Team Packs, a new fan-centric collectible featuring only players from a fan's favorite NBA team

๐ŸŒŽ Around Crypto and Web3

A few other Crypto and Web3 headlines that caught my eye:

  • Crypto majors were mixed on the day; BTC -1.2% at $42,610; ETH -1.8% at $2,260; SOL +6% at $77.5
  • Coinbase's BONK listing led to the coin 2x'ing to a $1.8B marketcap, and Binance announced it would list as well
  • $PRIME briefly hit $11.50 overnight, a smashing new ATH, before settling at $10.17 and a $267M market cap

๐Ÿš€ NFT Total Volume

  • Pudgy Penguins (1,316 ETH, 11.18 ETH Floor)
  • MAYC (1,270 ETH, 5.34 ETH)
  • BAYC (921 ETH, 27.8 ETH)
  • Matr1x Kuku (866 ETH, 3.11 ETH)
  • Milady (707 ETH, 2.8 ETH)

๐Ÿ“ˆ NFT Floor Price Increase

  • Pixelated Llama (60%, 0.27 ETH Floor)
  • Infinigods (57%, 0.23 ETH)
  • Pixelmon Trainers (35%, 0.49 ETH)
  • Parallel Avatars (29%, 1.15 ETH)
  • Farm Land (25%, 1.74 ETH)

๐Ÿ—“ Upcoming NFT Mints and Reveals

Today is another very busy day of drops and presales.

Basically every major event from yesterday was pushed to today due to the Ledger exploit, so check X pages to confirm times on everything.

The PROOF Grails mint is a highlight today ahead of the Sunday reveal, along with the PORTAL presale given recent token mania.

See the full list and dive in for more details with Swizzy's daily mint monitor

  • PORTAL presale (10:00 a.m. ET)
  • Wallet War - game launch (10:00 a.m. ET)
  • Memes by 6529 (11:00 a.m. ET) 
  • PROOF - Grails V (11:00 a.m. ET)

Enjoy this write-up and/or want to sponsor the Morning Minute? Follow along with me on Twitter @tyler_did_it or reach out via email

Disclaimer: The author or members of the Lucky Trader staff may own NFTs discussed in this post. Furthermore, the information contained on this website or the Lucky Trader mobile application is not intended as, and shall not be understood or construed as financial advice. AI may have assisted in the creation of this content.