Ledger Plans to Reimburse DeFi Participants for Stolen Assets
Hardware crypto wallet maker Ledger has announced its plan to reimburse approximately $600,000 in digital assets that were stolen during a recent incident. The theft occurred due to a connector kit exploit targeted at the front end of EVM dapps, affecting numerous crypto users, including those using exchanges and web3 tools like Revoke.cash.
Action Plan to Deactivate Blind Signing
Ledger has acknowledged the exploit and has committed to reimbursing all victims, including non-customers, by February. In addition, the company has outlined an action plan to deactivate blind signing, a feature that facilitated the attacker’s efforts in stealing cryptocurrencies. By June 2024, users will no longer be able to blind sign with Ledger devices. Instead, clear signing will be implemented to allow users to verify transactions on their Ledger devices before signing.
Phishing Scam and Compromised GitHub Access
Ledger CEO Pascal Gauthier revealed that the theft was carried out by a phishing scammer connected to the Angel Drainer hacker. The attacker gained access to compromised GitHub accounts and published malicious code that affected a widely used web3 library employed by dapps like SushiSwap.
Tether Freezes Hacker’s Address
Following investigations, the hacker’s address was frozen by stablecoin operator Tether to prevent further transactions and potential laundering of stolen funds.
Controversies Surrounding Ledger
This incident adds to the controversies faced by Ledger throughout the year. The company previously experienced an issue where customers lost Bitcoin (BTC) and Ether (ETH) due to a fake version of its service on Microsoft’s App Store. Additionally, Ledger faced criticism for its recovery service, which provided a means to regain access even without the secret seed phrase.
Hot Take: Ledger Takes Responsibility and Implements Security Measures
Ledger has taken responsibility for the recent theft incident and plans to reimburse affected users. The company also aims to enhance security by deactivating blind signing and implementing clear signing for transaction verification. While the incident may have caused minimal impact, it highlights the importance of staying vigilant against phishing scams in the crypto space. Ledger’s actions, including freezing the hacker’s address, demonstrate their commitment to protecting user funds and improving their products and services.