**Ledger Vows to Fully Compensate Victims of $600,000 ConnectKit Attack**
*Summary:*
Hardware wallet manufacturer Ledger has made a commitment to reimburse users after a recent security breach resulted in the theft of $600,000 worth of assets. The company has pledged to enhance its security measures and eliminate the Blind Signing process by June 2024. Ledger has taken responsibility for the ConnectKit attack and emphasized its determination to prevent similar incidents.
Ledger has promised to fully compensate affected victims, including non-Ledger customers, with CEO & Chairman Pascal Gauthier personally overseeing the restitution process. The company has already initiated contact with affected users and is actively working with them to resolve their specific cases. Additionally, Ledger will stop supporting blind signing on its devices by June 2024 and will advocate for a new standard of user protection called “Clear Signing.”
Furthermore, Ledger has released an incident report stating that the attack exploited the Ledger Connect Kit, injecting malicious code into dApps using the kit. The company swiftly deployed a genuine fix for the Connect Kit within 40 minutes of detection. Ledger has acknowledged the need to continually raise the bar for security in dApps and aims to implement strengthened access controls, conduct audits of internal and external tools, reinforce code signing, and improve infrastructure monitoring and alerting systems.
**FAQ:**
1. **What is Blind Signing?**
Blind signing is a process where transactions are displayed to the user as code rather than in plain language. Because the user cannot read what they are approving, they may unknowingly sign transactions that drain their wallets.
2. **What is Clear Signing?**
Clear Signing is a process that allows users to verify transactions on their Ledger devices before signing them across decentralized applications, providing an added layer of transparency and security.
3. **How is Ledger addressing the ConnectKit attack?**
Ledger has pledged to fully compensate affected victims, eliminate Blind Signing by June 2024, and enhance its security measures by strengthening access controls, conducting audits, reinforcing code signing, and improving infrastructure monitoring and alerting systems.
4. **Is Ledger taking responsibility for the attack?**
Yes, Ledger has taken responsibility for the ConnectKit attack and is committed to preventing similar occurrences in the future. CEO Pascal Gauthier has personally overseen the restitution process to ensure affected individuals recover their assets.
5. **What should users do to protect their assets on Ledger devices?**
Users are encouraged to stay informed about the security measures being implemented by Ledger, including the transition from Blind Signing to Clear Signing, and to actively engage with the company’s educational resources.
6. **What should affected users do?**
Affected users should follow the guidance provided by Ledger, and if they have not been contacted already, they should reach out to the company for assistance in resolving their specific cases.
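
The difference between FAQ items 1 and 2, as an added example (not Ledger's code and not from the incident report): the same transaction data shown raw, as under blind signing, and decoded into a readable prompt, as under clear signing. It assumes Ethereum ERC-20 call encoding, which the article does not specify; `clearSign`, `KNOWN_CALLS` and the sample addresses are hypothetical and constructed.

```javascript
// Added example. Assumption: Ethereum ABI encoding of two ERC-20 calls.
// Selectors are the first 4 bytes of keccak256 of the function signature.
const KNOWN_CALLS = {
  "095ea7b3": { name: "approve", party: "spender" },    // approve(address,uint256)
  "a9059cbb": { name: "transfer", party: "recipient" }, // transfer(address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Returns what a signing prompt could show for the given calldata.
// mode "blind": only raw hex is available. mode "clear": decoded intent.
function clearSign(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  const blind = { mode: "blind", display: "0x" + hex, warning: true };
  const call = KNOWN_CALLS[hex.slice(0, 8)];
  // Unknown function, non-hex input or unexpected length: refuse to guess.
  if (!call || !/^[0-9a-f]{136}$/.test(hex)) return blind;

  const addressWord = hex.slice(8, 72);  // 32-byte word, address right-aligned
  const amountWord = hex.slice(72, 136); // 32-byte unsigned integer
  // A valid address word has 12 zero bytes of left padding.
  if (!addressWord.startsWith("0".repeat(24))) return blind;

  const address = "0x" + addressWord.slice(24);
  const amount = BigInt("0x" + amountWord); // token base units, not decimals
  const unlimited = amount === MAX_UINT256;
  return {
    mode: "clear",
    display: `${call.name}: ${call.party}=${address}, ` +
             `amount=${unlimited ? "UNLIMITED" : amount.toString()}`,
    // An unlimited approval lets the spender move the whole token balance.
    warning: call.name === "approve" && unlimited,
  };
}

// Constructed sample inputs (addresses are placeholders, not real accounts).
const pad = (h) => h.padStart(64, "0");
const SAMPLE_APPROVE = "0x095ea7b3" + pad("11".repeat(20)) + "f".repeat(64);
const SAMPLE_TRANSFER = "0xa9059cbb" + pad("22".repeat(20)) + pad((1000n).toString(16));
const SAMPLE_UNKNOWN = "0xdeadbeef" + pad("33".repeat(20));

for (const tx of [SAMPLE_APPROVE, SAMPLE_TRANSFER, SAMPLE_UNKNOWN]) {
  const shown = clearSign(tx);
  console.log(`[${shown.mode}] ${shown.display}${shown.warning ? "  <-- review" : ""}`);
}
```

Under blind signing the user sees only the hex string in `SAMPLE_APPROVE`; the decoded prompt makes the unlimited approval visible before the signature is given.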