Ledger says that users’ blind signatures on EVM DApps resulted in the theft of assets valued at over $600,000. It will make sure that all victims are “made whole,” and blind signing will be banned by June 2024.
Ledger, a manufacturer of hardware wallets for cryptocurrencies, promises to compensate all impacted consumers following the Ledger Connect Kit exploit.
On December 20, Ledger said on X (formerly Twitter) that the company has knowledge of around $600,000 in assets that have been compromised or pilfered from customers via blind signing on decentralized applications (DApps) running on the Ethereum Virtual Machine (EVM).
On December 14, 2023, multiple decentralized applications using Ledger’s connector library, including SushiSwap and Revoke. cash were compromised, resulting in large losses for investors.
According to the current notification, Ledger will make certain that affected victims are compensated and refunded. According to the company:
“We commit to completing this by the end of February 2024 in any way possible, including gestures of goodwill.” We have already made contact with a large number of affected users and are actively working through the details with them.”
Furthermore, Ledger will continue to collaborate with the DApp ecosystem to enable clear signing, but will no longer support blind signing with Ledger devices. Blind signing with Ledger devices will be phased out by June 2024, according to Ledger.
“We have committed to working with the community and the DApp ecosystem to enable Clear Signing so that users can verify all transactions on Ledger devices before signing.” This will result in a new standard to protect users and encourage Clear Signing across DApps,” according to the statement.