Hardware wallet firm Ledger is responding to a recent security vulnerability in its products that was exposed earlier this month.
On December 14th, Ledger announced that one of its employees fell victim to a phishing attack that allowed a bad actor to publish a malicious version of the Ledger Connect Kit, affecting users who connected to decentralized applications (DApps).
After the exploit, Tether, the largest stablecoin issuer in the world, froze the attacker’s USDT address, preventing much of the funds from being moved further.
In a statement on the social media platform X, Ledger says it is aware of about $600,000 in impacted assets and is committed to making victimized users whole and preventing anything similar from happening again.
“We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February 2024. We are already in contact with many impacted users and are actively working through the specifics with them.
“We remind users that if you signed a transaction on affected DApps December 14th, 2023, best security practices would recommend revoking any authorized transactions to further reduce impact from the malicious code.”
Ledger says it’s also going to disable the option to blind-sign transactions in the future. Typically, users must “sign” transactions before allowing a smart contract to interact with their wallets, and blind signing allows them to skip the process, which is what Ledger aims to prohibit for its users.
“Front-end attacks have happened many times before and will continue to plague our ecosystem. The only foolproof countermeasure for this type of attack is to always verify what you consent to on your device.”