0
0
In the aftermath of the recent security breach that impacted users’ blind signing on EVM DApps, Ledger, a leading crypto wallet provider, is taking definitive steps to rectify the situation and fortify the ecosystem against future threats.
Approximately $600k in assets were stolen from affected users in the incident that occurred on December 14th, 2023. Ledger’s CEO has reaffirmed the company’s commitment to compensating all victims, even extending support to non-Ledger customers affected by the attack.
“We are focused on rectifying the losses suffered by our users due to this breach. We pledge to ensure all impacted individuals are made whole by the end of February 2024,” stated the CEO.
Moreover, Ledger has announced plans to phase out Blind Signing with their devices by June 2024. Instead, they aim to collaborate with the DApp community to enable Clear Signing, empowering users to verify transactions on Ledger devices before authorization.
“The shift to Clear Signing is pivotal in enhancing security across DApps. It offers users the ability to directly verify and consent to transactions, a critical step in safeguarding against front-end attacks,” remarked a Ledger spokesperson.
While reassuring users that Ledger devices and Ledger Live remain secure and were not compromised by the exploit, the company advises affected individuals to revoke any authorized transactions made on the affected DApps on December 14th, 2023, as a precautionary measure.
Calling upon DApp developers to embrace Clear Signing as a security measure, Ledger has opened channels through their Developer portal and Discord for collaborative efforts.
The recent breach underscores the urgency for heightened security measures within the crypto ecosystem. Ledger’s proactive approach and commitment to compensation and future safeguards mark a significant step towards fortifying user protection and preventing similar incidents in the future.
