News - Ledger wallet seeks to compensate wallet hack victims
By
Exactly one week ago, security experts noticed that attackers were using the code for the connection between the Ledger wallet and decentralized applications (dApps) had infiltrated. They were able to gain up to US$600,000 steal from unsuspecting users before Ledger updated the code and fixed the flaw.
The French wallet operator is now trying to make up for the momentous security breach on Dec. 14. This was revealed in a tweet yesterday.
We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.
— Ledger (@Ledger) December 20, 2023
We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.
Ledger…
According to the tweet, Ledger is "100 percent focused on following up on last week's incident." The company also wants to prevent this type of incident in the future and "ensure that the ecosystem remains secure."
To that end, the company plans to " compensate" affected users and work with dApp operators to enable " clear signing," according to the statement. Blind signing must be abolished by June 2024.
Unlike blind signing, clear signing allows users to see exactly what the consequences of a transaction are before authorizing it. Blind signing, however, was previously the norm for many dApps for practical reasons.
Those affected by the hack had unknowingly released transactions that sent their cryptos to the attackers' wallets. A report from Ledger on the incident can be found at here Finding.
Ledger now wants to compensate those affected by February 2024 and is already in "direct contact" with many victims. Anyone who believes they are victims of the hack can contact the Ledger Help Center.