In response to a recent security incident, Ledger, the well-known cryptocurrency hardware company, is taking significant steps to address the vulnerability detected in decentralized applications (DApps) that use its technology.
The incident, which resulted in the loss of around $600,000 in user assets, was the result of what is known as “blind signing” in DApps based on the EVM (Ethereum Virtual Machine) network.
Recognizing the seriousness of the issue, the firm has committed to ensuring that all affected victims, regardless of whether they are Ledger clients or not, are fully compensated for the losses suffered.
We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.
We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.
Ledger…
— Ledger (@Ledger) December 20, 2023
This commitment includes collaboration with those who were victims of the attack, working closely with them to resolve all concerns by the end of February 2024.
Additionally, Ledger has announced fundamental changes to its security policies
Starting in June 2024, Ledger devices will no longer support blind signing.
Instead, clear signing will be implemented, an approach that will allow users to verify all transactions on Ledger devices before authorizing them, setting a new standard to protect users and encourage safe practices in DApps.
The company also calls on DApp developers, urging them to adopt “clear signing” as a fundamental security measure in their applications.
It invites developers to collaborate closely with them through its portal and Discord, with the aim of implementing this technology on their platforms to improve overall security in the DApps ecosystem.
For those users who might have been affected by the attack, Ledger provides detailed information about the incident on its security blog.
Despite the incident, they emphasize that their devices and Ledger Live remain safe for use and provide support through their Help Center for those seeking further guidance.
