Hardware cryptocurrency wallet provider Ledger has pledged to reimburse all affected users who lost funds in the recent Ledger Connect Kit exploit. In a statement posted on December 20, Ledger acknowledged that approximately $600,000 in assets were impacted or stolen from users through blind signing on Ethereum Virtual Machine (EVM) decentralized applications (DApps).
The exploit, which occurred on December 14, 2023, affected multiple DApps using Ledger’s connector library, including SushiSwap and Revoke.cash, resulting in significant losses for investors.
Ledger expressed its commitment to making affected victims whole and repaying them by the end of February 2024. The company stated that it is already in contact with many impacted users and is actively working through the specifics with them.
Ledger’s Chairman and CEO, Pascal Gauthier, said in a post:
“My personal commitment: Ledger will dedicate as much internal and external resources as possible to help the affected individuals recover their assets.”
In addition to reimbursing users, Ledger announced that it will continue to work with the DApp ecosystem to allow clear signing but will no longer allow blind signing with Ledger devices. The company expects to sunset blind signing with Ledger devices by June 2024. The post also mentioned that all Ledger devices and Ledger Live were not impacted and are still secure to use.
Let us know what you loved about this article, what could be improved, or share any other feedback by filling out this short form.