Ledger, one of the major manufacturers of cryptocurrency cold wallets, issued a statement in response to last week's security breach that resulted in the loss of user assets.
The company promised to compensate the victims and announced that it would take steps to prevent similar incidents from occurring in the future.
The security incident occurred in the early hours of last Thursday when Ledger's widely used Connect Kit JavaScript library was compromised. This security breach led to hundreds of thousands of dollars of cryptocurrency being stolen from users' wallets. Ledger attributed this attack to a phishing attack targeting a former employee who inadvertently became the entry point for the hacker.
In its new statement today, the company said Ledger is “100% focused on following up on last week's security incident and ensuring that such incidents are prevented in the future and that the ecosystem remains safe.” The company said that it was aware that approximately 600 thousand dollars of assets stolen from users who signed “Blind Signing” on EVM DApps were damaged.
Blind signing is a concept used in the field of cryptocurrencies and blockchain. It refers to the process where users sign a transaction without full knowledge of its content.
Pascal Gauthier, Ledger's CEO and Chairman of the Board, confirmed his promise to ensure that victims whose assets were stolen by the attacker on December 14, 2023, are fully compensated for their assets, including users who are not Ledger customers.
The company said it is committed to ensuring all of this is done by the end of February 2024, by any means possible, including goodwill gestures. Ledger also announced that as of June 2024, users will no longer be able to do Blind Signing with their Ledger devices.
*This is not investment advice.