Hardware Wallet Manufacturer Ledger Responds to Security Breach
Following a recent security breach resulting in the theft of $600,000 worth of user assets, hardware wallet manufacturer Ledger has taken responsibility for the incident. The company has pledged to enhance its security protocols and eliminate Blind Signing by June 2024.
Ledger Takes Responsibility For ConnectKit Attack
In a statement, Ledger emphasized its commitment to addressing the security incident and preventing similar occurrences in the future. The company acknowledged the impact of the ConnectKit attack on approximately $600,000 in assets, particularly affecting users blind signing on Ethereum Virtual Machine (EVM) decentralized applications (dApps).
Ledger has initiated contact with affected users and is actively working with them to resolve their specific cases. CEO Pascal Gauthier has personally taken charge of the restitution process to ensure affected victims, including non-Ledger customers, are fully compensated.
Heightened dApp Security Measures
The attack exploited the Ledger Connect Kit, injecting malicious code into dApps utilizing the kit. This code redirected assets to the attacker’s wallets, tricking EVM dApp users into unknowingly signing transactions that drained their wallets.
Ledger quickly deployed a genuine fix for the Connect Kit within 40 minutes of detection. The company plans to strengthen access controls, conduct audits of internal and external tools, reinforce code signing, and improve infrastructure monitoring and alerting systems.
Ledger will also educate users on the importance of Clear Signing and the potential risks associated with blind signing transactions without a secure display. Clear Signing provides users with a clear and readable representation of transaction details, allowing them to review and validate transactions before providing their signature.
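The difference between blind and clear signing, as an added example that is not from the article or from Ledger's code: it decodes raw EVM calldata for the three standard ERC-20 calls into the readable summary a clear-signing display would show, and marks anything else as blind. The function names, output wording and sample address are assumptions made for illustration.

```javascript
// Added illustration, not Ledger's implementation: turn ERC-20 calldata into
// the human-readable line a clear-signing screen would show before approval.
const MAX_UINT256 = (1n << 256n) - 1n;

// Standard ERC-20 selectors (first 4 bytes of keccak256 of the signature).
const ERC20_CALLS = {
  "a9059cbb": { name: "transfer", params: ["address", "uint256"] },
  "095ea7b3": { name: "approve", params: ["address", "uint256"] },
  "23b872dd": { name: "transferFrom", params: ["address", "address", "uint256"] },
};

function decodeWord(word, type) {
  if (type === "address") {
    // Addresses are left-padded to 32 bytes; non-zero padding is malformed.
    if (!/^0{24}/.test(word)) throw new Error("malformed address padding");
    return "0x" + word.slice(24);
  }
  return BigInt("0x" + word);
}

function describeCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8 || hex.length % 2 !== 0) {
    return "REJECT: calldata is not valid hex";
  }
  const selector = hex.slice(0, 8);
  const call = ERC20_CALLS[selector];
  // Without a known ABI the signer sees only opaque bytes: this is blind signing.
  if (!call) return `BLIND: unknown function 0x${selector}, contents cannot be displayed`;
  const body = hex.slice(8);
  if (body.length !== call.params.length * 64) {
    return `REJECT: ${call.name} has wrong argument length`;
  }
  let args;
  try {
    args = call.params.map((t, i) => decodeWord(body.slice(i * 64, (i + 1) * 64), t));
  } catch (e) {
    return `REJECT: ${call.name} ${e.message}`;
  }
  const raw = args[args.length - 1];
  const amount = raw === MAX_UINT256 ? "UNLIMITED" : String(raw);
  if (call.name === "transfer") return `transfer ${amount} units to ${args[0]}`;
  if (call.name === "approve") return `approve ${amount} spending by ${args[0]}`;
  return `transferFrom ${amount} units from ${args[0]} to ${args[1]}`;
}

// Constructed sample: an approval for the maximum uint256 to a made-up address.
const SAMPLE_APPROVE = "0x095ea7b3" + "0".repeat(24) + "1".repeat(40) + "f".repeat(64);
console.log(describeCalldata(SAMPLE_APPROVE));
```

Amounts are shown in the token's raw base units because the decimals value lives in the token contract, not in the calldata.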
Hot Take: Ledger Enhances Security Protocols Following Breach
Hardware wallet manufacturer Ledger has responded to a security breach by taking responsibility for the incident and implementing measures to prevent future occurrences. The company has pledged to enhance security protocols by eliminating Blind Signing and promoting Clear Signing, providing users with greater transparency and verification when conducting transactions.
Ledger is actively working with affected users to resolve their cases and ensure full compensation. The company also plans to strengthen access controls, conduct audits, reinforce code signing, and improve infrastructure monitoring. By prioritizing user protection, Ledger aims to set a new standard for security in the crypto industry.