The recent Bitcoin downturn has been linked to a malicious attack on the Ledger library, affecting numerous smart contracts. Fortunately, quick action by protocols limited the losses, which could have been much more significant. Ledger has announced measures to prevent future incidents and hinted at plans for the coming year.
The hack on Ledger’s code library made several popular protocols vulnerable to attacks. The estimated loss was contained to approximately $600,000, and the Ledger team has committed to compensating the affected users. They also plan to work with the DApp ecosystem to implement Clear Signing by June 2024, which will disallow Blind Signing with Ledger devices.
Ledger has acknowledged the theft of around $600,000 from users of EVM DApps as a result of blind signing, and is actively working with affected users to rectify the situation. They have pledged to compensate the losses by the end of February and advise users to cancel authorized transactions to minimize the impact of the malicious code.
By June 2024, Ledger will no longer allow Blind Signing with its devices, committing to Clear Signing to enable users to verify all transactions before signing. This move aims to protect users and promote a new standard of Open Signing among DApps.
The announcement concludes with a warning about social media bots that prey on investors, especially on platforms like the former Twitter. These bots often impersonate technical support and trick users into revealing their recovery phrases, which gives the operators of those accounts access to the users’ wallet assets. Ledger urges users to remain vigilant and block any accounts that request recovery phrases or direct them to suspicious sites.