Ledger still faces a significant security challenge following a hack. The compromise of Ledger’s Connect Kit resulted in a wallet-draining exploit that affected multiple DApps in the DeFi ecosystem. The attack, which occurred last week, led to the loss of approximately US$600,000 in user crypto assets. In response to the incident, Ledger revealed a comprehensive plan to compensate victims and strengthen its security measures.

Ledger has confirmed that it will provide full refunds to victims of the December 14 attack, including non-Ledger customers. “We are aware of approximately $600K in impacted assets stolen from users blindly subscribing to EVM DApps. Ledger will ensure that affected victims are made whole,” the company said in a statement. Refunds are expected to be completed by February 2024, and the company is already in contact with some of the affected users.

How is Ledger working to prevent similar incidents?

In parallel with the compensation efforts, Ledger is also working to strengthen its security. The company plans to implement a clear-signing system by June 2024. This system will give Ledger users an understandable summary of each transaction, in contrast to blind signing, which presents raw data that users cannot interpret. The measure aims to prevent the inadvertent signing of malicious transactions.
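The contrast between raw transaction data and a readable summary, as an added example (this is not Ledger's code): it decodes two well-known ERC-20 calls from EVM calldata and refuses to summarize anything it cannot decode. The token symbol, decimals and the sample address are assumptions constructed for the illustration.

```python
# Added illustration: turn EVM calldata into a readable summary ("clear signing")
# instead of the raw hex a user is shown when signing blind.
MAX_UINT256 = 2**256 - 1

# Well-known ERC-20 selectors (first 4 bytes of keccak256 of the signature).
SELECTORS = {
    "095ea7b3": ("approve", "spender"),     # approve(address,uint256)
    "a9059cbb": ("transfer", "recipient"),  # transfer(address,uint256)
}


def _address(word: bytes) -> str:
    # ABI addresses are right-aligned in a 32-byte word; the top 12 bytes must be zero.
    if any(word[:12]):
        raise ValueError("address word has non-zero padding")
    return "0x" + word[12:].hex()


def summarize(calldata_hex: str, token_symbol: str, decimals: int) -> str:
    """Return a readable summary, or a warning when the call cannot be decoded.

    token_symbol and decimals are assumed to come from trusted token metadata.
    """
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    entry = SELECTORS.get(data[:4].hex())
    if entry is None or len(data) != 4 + 2 * 32:
        return "UNKNOWN CALL: cannot be displayed, signing would be blind"
    name, party_label = entry
    party = _address(data[4:36])
    amount = int.from_bytes(data[36:68], "big")
    if amount == MAX_UINT256:
        shown = "UNLIMITED"  # an allowance with no upper bound
    else:
        whole, frac = divmod(amount, 10**decimals)
        shown = f"{whole}.{frac:0{decimals}d}".rstrip("0").rstrip(".")
    return f"{name} {shown} {token_symbol}, {party_label} {party}"


# Constructed sample inputs; the address is a made-up placeholder.
PARTY_WORD = "aa".rjust(64, "0")
UNLIMITED_APPROVE = "0x095ea7b3" + PARTY_WORD + "f" * 64
SMALL_TRANSFER = "0xa9059cbb" + PARTY_WORD + hex(1_500_000)[2:].rjust(64, "0")

if __name__ == "__main__":
    for tx in (UNLIMITED_APPROVE, SMALL_TRANSFER, "0xdeadbeef"):
        print(tx[:26] + "...", "->", summarize(tx, "USDC", 6))
```
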

The attack occurred when a hacker gained access to Ledger’s internal systems by hacking a former employee and injected malicious software into the Connect Kit library. This compromised the front end of several DApps, such as SushiSwap and Revoke.Cash, leading users to connect their wallets to a wallet drainer without their knowledge.

What were the consequences of the attack?

Although Ledger quickly responded with a fix within hours of the attack, the hacker still managed to escape with a significant amount of crypto assets. The company is now collaborating with authorities and using tools like Chainalysis to track the attacker, whose address has already been identified.

Additionally, Ledger warned users about ongoing phishing scams that may target desperate victims seeking recovery. The compensation announcement brings significant relief to users affected by the hack, offering tangible hope for recovery.

Ledger’s response to this incident is crucial not only for the victims, but for the DeFi ecosystem as a whole, reaffirming the need for robust security and protective measures for crypto users.



Source: https://portalcripto.com.br/ledger-anuncia-compensacao-para-vitimas-de-hack-e-reforco-em-seguranca/
