- Hardware cryptocurrency wallet provider Ledger will reimburse all users affected by the recent Ledger Connect Kit exploit, which resulted in around $600,000 in stolen assets.
- The exploit occurred through blind signing on Ethereum Virtual Machine (EVM) decentralized apps (DApps) like SushiSwap and Revoke.cash. Ledger aims to repay victims by February 2024.
- Going forward, Ledger will no longer allow blind signing and will work with the DApp ecosystem to implement “Clear Signing” so users can verify transactions before signing. Ledger expects to end blind signing by June 2024.
Hardware cryptocurrency wallet provider Ledger says it will reimburse all affected users in the aftermath of the Ledger Connect Kit exploit. Ledger took to Twitter on Dec 20 to announce that the firm is aware of roughly $600,000 in assets impacted or stolen from users through blind signing on Ethereum Virtual Machine (EVM) decentralized applications (DApps).
Details of the Exploit
Multiple decentralized applications using Ledger’s connector library, including SushiSwap and Revoke.cash, were compromised on Dec 14, 2023, resulting in massive losses by investors. According to the new announcement, Ledger will ensure that affected victims will be made whole and repaid. The company has pledged to take all necessary measures, including offering gestures of goodwill, to ensure that all affected users are compensated by the end of February 2024. This assurance comes as part of Ledger’s response to an incident that compromised several users’ assets.
Ledger’s Response
In addition, Ledger will continue to work with the DApp ecosystem to allow clear signing but will no longer allow blind signing with Ledger devices. Ledger expects to sunset blind signing with Ledger devices by June 2024. In a recent statement, Ledger, a prominent hardware cryptocurrency wallet provider, has expressed its dedication to enhancing transaction security within the digital asset space. The firm announced its intention to collaborate closely with the decentralized application (DApp) community to implement a feature known as “Clear Signing.” This initiative aims to allow users to thoroughly verify every transaction on Ledger devices before they proceed with signing.
Conclusion
This is a developing story and further information will be added as it becomes available. Ledger appears to be taking responsibility for the exploit and aims to reimburse all affected users. The company also plans to implement measures to improve security and prevent blind signing in the future.
