Ledger Hack: the company will compensate for the damage
After last week’s Ledger hack, the company wants to make amends for the damage. It has announced not only compensation of almost $600,000 but also lasting improvements in DeFi.
Ledger Hack: This is how the company wants to make up for damage
After the Ledger hack last week, the French manufacturer of hardware wallets has now announced lasting countermeasures. The first goal is to compensate all injured users, as the company announced in a Twitter message.
Around $600,000 in damage was caused after an unknown hacker was able to gain access to Ledger’s GitHub library. Malware redirected users’ funds during transactions to the attacker’s wallet.
In some cases, there was also damage to users who had not used a Ledger wallet, it was explained. However, it is not clear from the statement how this came about. The hack ultimately targeted the Ledger Connect Kit.
“We commit […] that [compensation] will be made by the end of February 2024. We are already in contact with many affected users and are actively working with them on the details,” writes Ledger.
DeFi to see lasting improvements
In response to the incident, Ledger also wants to commit to establishing lasting improvements in the DeFi sector in collaboration with the crypto industry. This is about the way transactions are verified.
To date, transactions via Ledger devices have usually been carried out using so-called blind signing. The user sees that he is supposed to confirm a transaction, but it is not clear where exactly the funds are going.
The attacker took advantage of this functionality by substituting his own wallet address for that of the dApps that were actually selected. Ledger therefore announced that it would generally abolish blind signing.
“We are announcing that starting June 2024, users will no longer be able to blind sign with Ledger devices.”
From then on, only clear signing will be possible. In this case, users can see exactly to which address their cryptocurrencies are being transferred. This procedure is intended to make it easier for users to verify the address and so prevent theft.
“This will lead to a new standard to protect users and promote clear signing in dApps,” hopes Ledger.
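The difference between blind and clear signing described above, as an added example that is not part of the original article and is not Ledger's code: it assumes an Ethereum ERC-20 call, decodes the calldata into the fields a signing screen could display, and rejects a payload whose destination address differs from the intended one. The function names and all addresses are constructed for illustration.

```javascript
// Added example: what a clear-signing screen can show for an ERC-20 call.
// Assumption: Ethereum ABI-encoded calldata; all addresses are constructed.
const SELECTORS = {
  a9059cbb: "transfer", // transfer(address,uint256)
  "095ea7b3": "approve", // approve(address,uint256)
};

// Decode calldata into the fields a user needs to see before signing.
function clearSignView(calldataHex) {
  const hex = calldataHex.toLowerCase().replace(/^0x/, "");
  const method = SELECTORS[hex.slice(0, 8)];
  // Unknown or malformed payload: only blind signing would be possible.
  if (!method || hex.length !== 8 + 64 + 64 || /[^0-9a-f]/.test(hex)) {
    return { clear: false };
  }
  const addrWord = hex.slice(8, 72);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!/^0{24}/.test(addrWord)) return { clear: false };
  return {
    clear: true,
    method,
    address: "0x" + addrWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Refuse anything that cannot be displayed, or whose destination
// differs from the address the user intended.
function safeToSign(calldataHex, intendedAddress) {
  const view = clearSignView(calldataHex);
  return view.clear && view.address === intendedAddress.toLowerCase();
}

// Constructed sample data: the same call, once with the intended
// destination and once with a different (swapped) one.
const INTENDED = "0x" + "11".repeat(20);
const SWAPPED = "0x" + "22".repeat(20);
const encode = (sel, addr, amount) =>
  "0x" + sel + addr.slice(2).padStart(64, "0") +
  amount.toString(16).padStart(64, "0");

const honest = encode("a9059cbb", INTENDED, 1000n);
const tampered = encode("a9059cbb", SWAPPED, 1000n);

console.log(clearSignView(tampered)); // the screen shows the swapped address
console.log(safeToSign(honest, INTENDED), safeToSign(tampered, INTENDED));
```

With blind signing the user would confirm both payloads without seeing any difference; the decoded view makes the changed address visible before the signature is given.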
The hope is quite realistic, because Ledger is currently the largest manufacturer of hardware wallets on earth. After the last incident, some big names in the scene had already called for a boycott of Ledger. The company’s work is simply too sloppy, so the argument goes.
Ledger encourages users to check each transaction manually to avoid this type of theft. It also calls on dApp developers to get in touch in order to spread the technical basis for clear signing to as many decentralized applications as possible.
“We would like to remind you once again that Ledger devices and Ledger Live have always been secure and are not compromised by this vulnerability,” Ledger concludes.