Ledger Crypto Wallet To Reimburse Users After Hack

Authored by Helen Partz via Cointelegraph.com,

Ledger says some $600,000 in assets were stolen from users’ blind signing on EVM DApps, and it will ensure all victims are “made whole,” while blind signing will be disallowed by June 2024.

Hardware cryptocurrency wallet provider Ledger says it will reimburse all affected users in the aftermath of the Ledger Connect Kit exploit.

Ledger took to X (formerly Twitter) on Dec. 20 to announce that the firm is aware of roughly $600,000 in assets impacted or stolen from users through blind signing on Ethereum Virtual Machine (EVM) decentralized applications (DApps).

Multiple decentralized applications using Ledger’s connector library — including SushiSwap and Revoke.cash — were compromised on Dec. 14, 2023, resulting in massive losses by investors.

According to the new announcement, Ledger will ensure that affected victims will be made whole and repaid. The firm stated:

“We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.”

In addition, Ledger will continue to work with the DApp ecosystem to allow clear signing but will no longer allow blind signing with Ledger devices. Ledger expects to sunset blind signing with Ledger devices by June 2024.

“Our commitment is to work with the community and DApp ecosystem to allow Clear Signing so users can verify all transactions on Ledger devices before signing. This will lead to a new standard to protect users and encourage Clear Signing across DApps,” the announcement added.