Cryptocurrency hardware wallet maker, Ledger, has announced that it has compensated all affected users for their losses caused by the Ledger Connect Kit exploit. On December 20, Ledger announced on Twitter that the company was aware of about $600,000 in stolen user assets due to blind signatures in decentralized applications (#dApps).
Several decentralized apps using Ledger's connector library, including #SushiSwap and #Revoke.cash, were hacked on December 14, resulting in significant losses for users.
According to a recent statement, Ledger is committed to providing compensation to affected individuals.
"We promise to do everything we can, including acts of goodwill, to get this done by the end of February 2024. We are already in touch with many affected users and are actively working on specific details with them."
Furthermore, Ledger will continue to work with the dApp ecosystem to ensure a clear signature, but will no longer allow blind signing on Ledger devices. The company plans to end blind signing on Ledger devices by June 2024.
"We are committed to working with the community and the dApp ecosystem to implement a transparent signature model that will keep our users' assets secure," Ledger said.
The company also encourages users to update their software to the latest version and follow security guidelines to minimize risks.
This is not the first time Ledger has faced security issues. In 2020, a hacker attack on the company's database stole information about more than 270,000 customers, including their names, email addresses and phone numbers. The company also faced problems with vulnerabilities in its devices that allowed attackers to access users' assets.
Despite these issues, #Ledger remains a popular choice among users, and the company continues to work to improve the security of its products.
