Ledger will return $600,000 to users affected by the hack that exploited the blind signatures feature on its hardware wallets.
According to the Ledger’s Dec. 20 announcement, the company is also working to prevent similar signatures in the future and aims to implement a new security standard built around clear signatures. This will increase user protection and improve the transparency of DApps.
By June 2024, Ledger devices will no longer support blind signatures. Instead, there will be a new security standard using clear signatures. This will increase user protection and improve the transparency of DApps.
Ledger also advises users who signed transactions in affected DApps during the hack to cancel authorized transactions. This should minimize the impact of the attacker’s malicious code.
The hack occurred on Dec. 14. A hacker replaced the real Ledger Connect Kit with a fake one, but users’ physical devices and the Ledger Live app were not affected.
The breach involved the hacker gaining access to the NPMJS service account through a phishing attack targeting a former Ledger employee. The attacker used WalletConnect to withdraw funds. This action triggered the deactivation of the scammer’s wallet.
Subsequently, Ledger promptly removed the malicious file from its system, which had been present for approximately 5 hours.
At the time of the incident, Ledger did not disclose the extent of the damage. However, the company stated that it had reached out to affected users to discuss compensation.
This isn’t the first time Ledger has faced security issues. Crypto analyst ZachXBT reported a fake Ledger Live app in the Microsoft Store in Nov. It is known that it appeared on Oct. 19.
Three years ago, hackers successfully breached Ledger users’ personal data in an incident that took place on Jun. 25, 2020. The attackers gained unauthorized access to a list of customers’ names, addresses, and phone numbers by exploiting an API key.
The recent breach has led to criticism of Ledger. Many users didn’t understand why a former employee had access to the data, according to comments under the company’s post.
Los Angeles, California, 22nd August 2025, ZEX PR WIRE, As digital assets gain increasing attention,…
Los Angeles, California, 22nd August 2025, ZEX PR WIRE, After XRP once again fell below…
CoinFund-Led Round Accelerates Institutional Adoption of Infrastructure For Datachains London, UK, Aug 22, 2025, ZEX…
London, UK, 22nd August 2025, ZEX PR WIRE- With the launch of Bitcoin and Ethereum…
Start your journey to wealth with one click. Miami, Florida, 22nd August 2025, ZEX PR…
London, England, 22nd August 2025, ZEX PR WIRE, In today’s volatile cryptocurrency market, maintaining asset…