Ledger Commits to Reimbursing Users After Crypto Wallet Exploit

Hardware cryptocurrency wallet provider Ledger will reimburse all users affected by the recent Ledger Connect Kit exploit, which resulted in around $600,000 in stolen assets.
The exploit occurred through blind signing on Ethereum Virtual Machine (EVM) decentralized apps (DApps) like SushiSwap and Revoke.cash. Ledger aims to repay victims by February 2024.
Going forward, Ledger will no longer allow blind signing and will work with the DApp ecosystem to implement “Clear Signing” so users can verify transactions before signing. Ledger expects to end blind signing by June 2024.

Hardware cryptocurrency wallet provider Ledger says it will reimburse all affected users in the aftermath of the Ledger Connect Kit exploit. Ledger took to Twitter on Dec 20 to announce that the firm is aware of roughly $600,000 in assets impacted or stolen from users through blind signing on Ethereum Virtual Machine (EVM) decentralized applications (DApps).

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger…
— Ledger (@Ledger) December 20, 2023

Details of the Exploit

Multiple decentralized applications using Ledger’s connector library, including SushiSwap and Revoke.cash, were compromised on Dec 14, 2023, resulting in massive losses by investors. According to the new announcement, Ledger will ensure that affected victims will be made whole and repaid. The company has pledged to take all necessary measures, including offering gestures of goodwill, to ensure that all affected users are compensated by the end of February 2024. This assurance comes as part of Ledger’s response to an incident that compromised several users’ assets.

Ledger’s Response

In addition, Ledger will continue to work with the DApp ecosystem to allow clear signing but will no longer allow blind signing with Ledger devices. Ledger expects to sunset blind signing with Ledger devices by June 2024. In a recent statement, Ledger, a prominent hardware cryptocurrency wallet provider, has expressed its dedication to enhancing transaction security within the digital asset space. The firm announced its intention to collaborate closely with the decentralized application (DApp) community to implement a feature known as “Clear Signing.” This initiative aims to allow users to thoroughly verify every transaction on Ledger devices before they proceed with signing.

Conclusion

This is a developing story and further information will be added as it becomes available. Ledger appears to be taking responsibility for the exploit and aims to reimburse all affected users. The company also plans to implement measures to improve security and prevent blind signing in the future.

Disclaimer: BlockNews provides independent reporting on crypto, blockchain, and digital finance. All content is for informational purposes only and does not constitute financial advice. Readers should do their own research before making investment decisions. Some articles may use AI tools to assist in drafting, but every piece is reviewed and edited by our editorial team of experienced crypto writers and analysts before publication.