Ledger Hardware Wallet Will Compensate Users for $600,000 Exploit

Jimmy Aki

Hardware wallet provider Ledger has announced its intention to reimburse victims for the approximately $600,000 in assets lost due to the recent ConnectKit exploit.

In a December 20 statement on X (formerly Twitter), the firm said the lost assets would be reimbursed before the end of February 2024.

The crypto wallet manufacturer also revealed it has reached out to the impacted victims and is actively working through all recovery specifics to ensure a seamless payment process.

Meanwhile, users who signed transactions on all exploited decentralized applications (dApps) connected to ConnectKit are advised to revoke all authorized transactions to minimize potential risks associated with the breach.

On December 14, cryptonews reported that the user interfaces of several dApps utilizing Ledger’s ConnectKit, including Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, were compromised.

Matthew Lilley, the Chief Technical Officer (CTO) of SushiSwap, was among the first to identify and report the issue. He noted the compromise of a widely used Web3 connector, which allowed the injection of malicious code into multiple decentralized applications (dApps).

Approximately three hours after the security breach was identified, Ledger confirmed that the malicious version of the file had been replaced with its authentic counterpart.

The Potential of ‘Clear Signing’ in the dApp Ecosystem

Ledger has reaffirmed its commitment to enhancing security measures to strengthen the ecosystem and prevent future incidents.

In line with this commitment, the firm plans to collaborate with the dApp ecosystem to implement Clear Signing and discontinue the Blind Signing feature from its devices by June 2024.

The Clear Signing feature will enable users to scrutinize and verify transaction details before granting approval.

With Clear Signing, wallet enthusiasts can directly examine important information such as transaction amounts, recipient addresses, and other relevant details on their Ledger devices or other secure displays.

According to the firm, this verification process empowers users to make informed decisions and confirm the accuracy of the transaction they are about to authorize.
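
To make the contrast between Blind Signing and Clear Signing concrete, the following added example (not Ledger's code and not part of the original article) decodes a transaction's raw calldata into the fields a secure display would show. It assumes standard ERC-20 `transfer`/`approve` ABI encoding; the function names, sample transactions and addresses are constructed for illustration.

```python
# Added illustration: raw calldata (blind view) vs decoded fields (clear view).
# Assumption: standard ERC-20 ABI encoding; all sample data is constructed.
SELECTORS = {
    "a9059cbb": ("transfer", "recipient"),  # transfer(address,uint256)
    "095ea7b3": ("approve", "spender"),     # approve(address,uint256)
}
MAX_UINT256 = 2**256 - 1


def format_amount(amount: int, decimals: int) -> str:
    """Render a token amount exactly, using integer arithmetic only."""
    if amount == MAX_UINT256:
        return "UNLIMITED"
    whole, frac = divmod(amount, 10**decimals)
    frac_text = f"{frac:0{decimals}d}".rstrip("0")
    return f"{whole}.{frac_text}" if frac_text else str(whole)


def clear_view(calldata: str, decimals: int = 18) -> dict:
    """Decode calldata into fields a user can verify before approving."""
    raw = calldata.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    selector, args = raw[:8], raw[8:]
    if selector not in SELECTORS:
        # A call that cannot be described must be flagged, not shown as hex.
        return {"action": "unknown", "warning": "cannot decode this call"}
    if len(args) != 128:
        raise ValueError("expected exactly two 32-byte arguments")
    addr_word, amount_word = args[:64], args[64:]
    if int(addr_word[:24], 16) != 0:
        raise ValueError("address argument has non-zero padding")
    action, role = SELECTORS[selector]
    amount = int(amount_word, 16)
    view = {"action": action, role: "0x" + addr_word[24:],
            "amount": format_amount(amount, decimals)}
    if action == "approve" and amount == MAX_UINT256:
        view["warning"] = "grants the spender an unlimited allowance"
    return view


# Constructed samples: placeholder address, not taken from the incident.
ADDR_WORD = "00" * 12 + "11" * 20
SAMPLE_TRANSFER = "0xa9059cbb" + ADDR_WORD + f"{5 * 10**17:064x}"
SAMPLE_APPROVE = "0x095ea7b3" + ADDR_WORD + "f" * 64

if __name__ == "__main__":
    for tx in (SAMPLE_TRANSFER, SAMPLE_APPROVE):
        print("blind:", tx[:26] + "...")   # what blind signing offers
        print("clear:", clear_view(tx))    # what the user can actually check
```
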

The crypto wallet provider has also appealed to dApp developers to prioritize customers’ security and trust in the decentralized ecosystem by building apps that support the new security feature.