Ledger Pledges Full Compensation for Victims in Multi-DApp Hacking Incident
A significant breach at Ledger, the renowned cryptocurrency wallet provider, has sent shockwaves through the crypto community. On December 14th, a hacker executed a deceitful scheme targeting a former Ledger employee, gaining access to the company’s data management system. This unauthorized access paved the way for the perpetrator to upload malicious code onto Ledger ConnectKit, a repository crucial for developers connecting their DApps to Ledger hardware wallets via Ledger Extension or Ledger Live.
This breach has had a widespread impact, affecting notable protocols like Sushi and others, prompting urgent warnings. Affected parties cautioned that any DApp linked to Ledger’s Web3 data library could potentially be compromised, advising users to abstain from interacting with DApps to ensure their safety.
According to Ledger, the attacker profited $600,000 from the breach. The company swiftly pledged full compensation for all victims and initiated collaboration with law enforcement agencies to track the hacker and recover the funds. In response, Tether froze the hacker’s address, publicly disclosed through Chainalysis.
We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.
We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.
— Ledger (@Ledger) December 20, 2023
In a recent Twitter statement, Ledger assured users of their commitment to reimburse victims by the end of February 2024. They emphasized active communication with affected users, working diligently to address individual cases. Additionally, the company revealed plans to eliminate the Blind Sign feature—allowing transaction signing without displaying details—from their services by June 2024.
The smaller screens on Ledger devices typically require transaction details to be spread across multiple screens, which leads users to opt for Blind Sign. However, in light of the recent breach, Ledger is actively encouraging users to switch to Clear Sign, a method that enables users to verify all transaction details on Ledger devices before signing.
“Our commitment is to collaborate with the community and DApp ecosystem to enable Clear Sign, allowing users to verify all transactions on Ledger devices before signing. We will establish new standards to protect users and promote Clear Sign across DApps,” stated Ledger in a series of Twitter posts following the breach.
Ledger’s proactive measures, including compensation plans and feature removal, signify a strong commitment to restoring trust and enhancing security within the cryptocurrency sphere. However, the incident underscores the persistent challenges of safeguarding digital assets, urging both companies and users to remain vigilant against evolving threats in the crypto landscape.