Ledger, in an replace following final week’s assault, has promised to make customers entire.
An attacker phished a former Ledger worker and was capable of entry the corporate’s package deal supervisor, the place they uploaded a malicious code to ConnectKit. The attacker, in keeping with Ledger, made off with $600,000.
“We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February 2024. We are already in contact with many impacted users and are actively working through the specifics with them,” the corporate stated in a put up on X.
The corporate will make victims entire within the wake of the assault, and is working with regulation enforcement to trace down the hacker and get better the funds.
“Ledger has engaged with authorities and is doing all we can to help as this investigation unfolds. Ledger will support affected users in helping to find this bad actor, bring them to justice, track the funds and work with law enforcement to help recover stolen assets from the hacker,” CEO Paul Gauthier stated final week.
Following the assault, Tether froze the attacker’s handle, which was additionally revealed to Chainalysis.
The attacker’s code was lively for roughly 5 hours. Decentralized trade SushiSwap alongside Revoke.money warned that they had been impacted. Ledger applied a repair later the identical day.
Moreover, the corporate plans to finish blind signing by June 2024. When signing a transaction, “blind” refers to signing with out the pockets providing full visibility or understanding of the transaction particulars.
In posts on X following the assault, the corporate pushed customers to solely use Clear Signal on their transactions.
“In the meantime, we’d like to remind the community to always Clear Sign your transactions — remember that the addresses and the information presented on your Ledger screen is the only genuine information,” Ledger stated on the time.
“Our commitment is to work with the community and dapp ecosystem to allow Clear Signing so users can verify all transactions on Ledger devices before signing. This will lead to a new standard to protect users and encourage Clear Signing across dapps,” Ledger stated Wednesday.
Ledger’s small show usually requires paging via many — generally dozens — of screens displaying encoded transaction particulars, which is why customers usually opted for blind signing.
The corporate warned that front-end assaults aren’t going away, so the “only foolproof countermeasure for this type of attack is to always verify what you consent to on your device…This is only possible with Clear Signing: meaning you can see and verify exactly what you sign on a secure display.”
Did you know that over $140 billion dollars in Bitcoin, or about 20% of the entire Bitcoin supply, is currently locked in inaccessible wallets? Or maybe you have lost access to your Bitcoin wallet? Don’t let those funds remain out of reach! AI Seed Phrase Finder is here to help you regain access effortlessly. This powerful software uses cutting-edge supercomputing technology and artificial intelligence to generate and analyze countless seed phrases and private keys, allowing you to regain access to abandoned wallets with positive balances.
