Ledger, a well-known company that makes hardware wallets for cryptocurrencies, has said it will pay users who were hacked through blind signing on Ethereum Virtual Machine (EVM) decentralized apps (DApps).
The company said this on December 20 through X, They admitted that assets worth about $600,000 were lost or stolen because of this weakness.
We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.
— Ledger (@Ledger) December 20, 2023
We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.
Ledger…
The security breach happened on December 14, 2023, and it impacted many DApps that used Ledger’s connector library. Notable platforms that were affected were SushiSwap and Revoke.cash. For many buyers, this event caused them to lose a lot of money.
Ledger has promised to fully repay the users who were affected by this, making sure they are “made whole.” The company wants to finish this process by the end of February 2024, and they have already started talking to many of the affected users to figure out how to pay them.
In order to improve security and stop similar problems from happening again, Ledger has also chosen to stop users from blindly signing documents with its devices. This feature will be taken away by the company in stages by June 2024. In its place, Ledger will work with the ecosystem of DApps to support Clear Signing. Users will be able to check all the details of a trade on their Ledger devices before confirming it. This will make the process safer and more open.
Ledger’s statement shows that it wants to work closely with the DApp community and other interested parties to create new rules that put user safety first and encourage the use of Clear Signing in many decentralized apps.
ALSO READ
- Is your crypto safe? Urgent patch needed after attack on Ledger DApp connector
- Is Ledger Live spying on you? Data collection raises concerns