Ledger has addressed its recent security incident, and fortunately it seems that the victims will be made whole, which is terrific news.
Ledger addresses security vulnerability
Ledger, a hardware wallet company, has addressed a security vulnerability in its products that was recently exposed.
On December 14th, the company announced that one of its employees was targeted in a phishing attack, which allowed a malicious version of the Ledger Connect Kit to be published.
This affected users who connected to decentralized applications (DApps).
The attacker’s USDT address was frozen by Tether, the largest stablecoin issuer in the world, after the exploit, preventing much of the funds from being moved further.
Ledger has confirmed that around $600,000 in assets were impacted and has assured users that it will make them whole and prevent similar incidents from occurring in the future.
“We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February 2024. We are already in contact with many impacted users and are actively working through the specifics with them.
We remind users that if you signed a transaction on affected DApps December 14th, 2023, best security practices would recommend revoking any authorized transactions to further reduce impact from the malicious code.”
Ledger plans to disable the option to blind-sign transactions in the future, as a response to past front-end attacks.
Blind signing lets users approve a transaction without the device displaying the full details of what a smart contract will be allowed to do with their wallets.
To ensure user safety, Ledger aims to prohibit this practice.
The company believes front-end attacks will continue to plague the ecosystem, and the only foolproof countermeasure is for users to always verify what they consent to on their device.