Hardware wallet provider Ledger has announced it will fully reimburse users impacted by the vulnerability that compromised its ConnectKit library last week.
Additionally, the firm promised to disable blind signing—a process where users approve transactions without verifying their content—on its devices for Ethereum Virtual Machine (EVM)-compatible decentralized applications (dApps) by June 2024.
$600k stolen
In a Dec. 20 statement on X (formerly Twitter), the firm revealed that its ConnectKit library compromise resulted in the theft of approximately $600,000 in digital assets from users who blind-signed on EVM dApps.
Ledger affirmed its commitment to compensating the affected individuals by February 2024 and disclosed its active engagement with these users.
On Dec. 14, CryptoSlate reported that Ledger’s ConnectKit library was hacked by attackers who replaced a genuine version with a malicious file that redirects funds to a wallet controlled by the hacker.
The breach impacted several prominent DeFi projects, including SushiSwap, which immediately advised their users not to interact with the frontend of their websites.
Bolstering security
While Ledger immediately pushed an update to rectify the situation, the firm has further pledged to continue its focus on bolstering security measures to safeguard the ecosystem and prevent future occurrences.
As part of this commitment, Ledger intends to collaborate with the dApp ecosystem to implement Clear Signing—a proce
Author: Oluwapelumi Adejumo