Ledger to Disable Blind Signing for Ethereum DApps by 2024
Hardware wallet manufacturer Ledger has announced its plans to disable blind signing for Ethereum Virtual Machine (EVM) decentralized applications (DApps) by June 2024. This decision comes after an exploit where a wallet drainer was added to a library used by multiple DApps to connect with Ledger devices.
Ledger Commits to Compensating Victims
Ledger revealed in a tweet that approximately $600,000 worth of cryptocurrency was stolen during the recent exploit. In response, the company has committed to compensating the affected victims. It also announced that it will discontinue blind signing with Ledger devices by June 2024.
With blind signing, the device displays only raw smart contract signing data, which is readable by computers but not by humans, so the user approves a transaction without being able to check what it does. By phasing out blind signing, Ledger aims to establish a new standard that enhances user protection and promotes clear signing across decentralized applications. The company urges DApp developers to support clear signing and emphasizes its dedication to preventing such incidents in the future.
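To make the difference between blind and clear signing concrete, the following added example (not Ledger's code and not from the original article) decodes two standard ERC-20 calls into a human-readable line and falls back to raw bytes for anything it cannot decode. The function names, the 18-decimal default and the sample address are assumptions made for illustration.

```javascript
// Added example. Selectors are the standard ERC-20 ones; sample values are constructed.
const KNOWN = {
  '095ea7b3': { name: 'approve', args: ['spender', 'amount'] },
  'a9059cbb': { name: 'transfer', args: ['to', 'amount'] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Render an integer token amount with the given number of decimals (assumed, default 18).
function formatUnits(value, decimals) {
  const base = 10n ** BigInt(decimals);
  const frac = (value % base).toString().padStart(decimals, '0').replace(/0+$/, '');
  return (value / base).toString() + (frac ? '.' + frac : '');
}

// Returns { clear, text }: clear=false means only raw bytes could be shown (blind signing).
function describeCalldata(hex, decimals = 18) {
  const data = hex.toLowerCase().replace(/^0x/, '');
  if (data.length < 8 || data.length % 2 !== 0 || !/^[0-9a-f]+$/.test(data)) {
    return { clear: false, text: 'Malformed calldata' };
  }
  const fn = KNOWN[data.slice(0, 8)];
  // Unknown selector or unexpected argument length: nothing human-readable to show.
  if (!fn || data.length !== 8 + 64 * fn.args.length) {
    return { clear: false, text: 'Raw data: 0x' + data };
  }
  const addressWord = data.slice(8, 72);
  // An address is 20 bytes, left-padded with 12 zero bytes in its 32-byte word.
  if (!addressWord.startsWith('0'.repeat(24))) {
    return { clear: false, text: 'Raw data: 0x' + data };
  }
  const amount = BigInt('0x' + data.slice(72, 136));
  const shown = fn.name === 'approve' && amount === MAX_UINT256
    ? 'UNLIMITED' : formatUnits(amount, decimals);
  return {
    clear: true,
    text: `${fn.name}: ${fn.args[0]} 0x${addressWord.slice(24)}, ${fn.args[1]} ${shown}`,
  };
}

// Constructed sample: an unlimited approval to a placeholder spender address.
const SAMPLE_APPROVE = '0x095ea7b3' + '0'.repeat(24) + '11'.repeat(20) + 'f'.repeat(64);
console.log(SAMPLE_APPROVE);                        // what a blind-signing prompt exposes
console.log(describeCalldata(SAMPLE_APPROVE).text); // what a clear-signing prompt can show
```

A real clear-signing implementation also needs trusted token metadata (symbol, decimals) for the contract being called; the fixed decimals value here stands in for that.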
Exploit Drains Funds from Ledger Users
Last week, developers on Twitter identified a malicious version of the Ledger Connect Kit, a library that facilitates the connection between Ledger devices and DApps. The attacker injected a wallet-draining payload into the library, allowing them to drain funds from users who signed on DApps like Sushi.com and Hey.xyz.
Ledger confirmed that the attack began when a former employee fell victim to a phishing attack. The attacker gained access to the employee’s NPMJS account and pushed a malicious version of the Ledger Connect Kit, rerouting user funds to their own wallet. Ledger quickly deployed a fix and released an updated version of the Connect Kit.
Hot Take: Ledger Enhances Security Measures
Ledger’s decision to disable blind signing and compensate the victims demonstrates its commitment to improving security in the crypto industry. By phasing out blind signing, Ledger aims to establish a safer standard for user protection and clear signing across decentralized applications. While the recent exploit was concerning, Ledger responded swiftly to address the issue and released an updated version of the affected library. These actions showcase Ledger’s dedication to preventing similar incidents in the future and ensuring the security of its users and the wider ecosystem.