Ledger promises to make victims whole after attack

Ledger will remove the ability to Blind Sign by June 2024

by Katherine Ross /
article-image

Artwork by Crystal Le

share

Ledger, in an update following last week’s attack, has promised to make users whole.

An attacker phished a former Ledger employee and was able to access the company’s package manager, where they uploaded a malicious code to ConnectKit. The attacker, according to Ledger, made off with $600,000.

“We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February 2024. We are already in contact with many impacted users and are actively working through the specifics with them,” the company said in a post on X.

The company will make victims whole in the wake of the attack, and is working with law enforcement to track down the hacker and recover the funds. 

Read more: Ledger says attacker conducted phishing attack on former employee

“Ledger has engaged with authorities and is doing all we can to help as this investigation unfolds. Ledger will support affected users in helping to find this bad actor, bring them to justice, track the funds and work with law enforcement to help recover stolen assets from the hacker,” CEO Paul Gauthier said last week.

Following the attack, Tether froze the attacker’s address, which was also published to Chainalysis.

The attacker’s code was active for roughly five hours. Decentralized exchange SushiSwap alongside Revoke.cash warned that they were impacted. Ledger implemented a fix later the same day.

Additionally, the company plans to end blind signing by June 2024. When signing a transaction, “blind” refers to signing without the wallet offering full visibility or understanding of the transaction details.

In posts on X following the attack, the company pushed users to only use Clear Sign on their transactions.

“In the meantime, we’d like to remind the community to always Clear Sign your transactions — remember that the addresses and the information presented on your Ledger screen is the only genuine information,” Ledger said at the time.

“Our commitment is to work with the community and dapp ecosystem to allow Clear Signing so users can verify all transactions on Ledger devices before signing. This will lead to a new standard to protect users and encourage Clear Signing across dapps,” Ledger said Wednesday.

Ledger’s small display often requires paging through many — sometimes dozens — of screens showing encoded transaction details, which is why users often opted for blind signing.

The company warned that front-end attacks aren’t going away, so the “only foolproof countermeasure for this type of attack is to always verify what you consent to on your device…This is only possible with Clear Signing: meaning you can see and verify exactly what you sign on a secure display.”

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Digital Asset Summit 2025

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Unlocked by Template.jpg

Research

Bitcoin Expressivity with BitcoinOS

The BitcoinOS team is the first to have developed and posted a ZK-compressed proof on the Bitcoin network. Other proof verification efforts have been limited to the Signet or testnet deployments. Their work has resulted in the development of BitSNARK, a software library for ZK-compressed fraud proofs on the Bitcoin network. The project aims to provide a horizontal scaling solution, offering a one-stop shop for teams interested in developing a rollup on Bitcoin. This approach shares similarities with the horizontal tech stack scaling in other ecosystems like Cosmos and Optimism, particularly in its focus on simplified verification, bridging standards, and lightweight interoperability.

by 0xMims

/

news

article-image

Analysis

Crypto monthly active addresses are hitting all-time highs: A16z

A16z’s State of Crypto report shows that DeFi has the largest number of daily active addresses, with stablecoins following closely behind

by Katherine Ross /
article-image

DeFi

Conduit sees path to gigagas throughput with new sequencer

G2 is delivering real-world performance breakthroughs at 50-100 Mgas/s, Conduit says

by Macauley Peterson /
article-image

Analysis

Memecoin conceived by AI trumps Trump-linked token sale

World Liberty Financial’s token sale debuted just as an absurd AI-fueled memecoin captured crypto’s attention

by David Canellis /
article-image

Empire Newsletter

World Liberty Financial’s presale overshadowed by memecoin-shilling AI

Plus, would crypto be better out of the limelight?

by Katherine Ross&David Canellis /
article-image

Policy

Coinbase continues with SEC lawsuit over denied FOIA request 

Coinbase hired History Associates in 2023 to assist in retrieving records from the SEC and FDIC

by Casey Wagner /
article-image

Forward Guidance Newsletter

VP Harris’s latest crypto comments fall short on details

Hours after pledging to support Black men’s rights to safely invest in crypto, VP Harris’s Monday night speech mentioned blockchain zero times

by Casey Wagner&Ben Strack /