Ledger has declared its intent to fully reimburse users affected by the recent Connect Kit exploit. The company acknowledged the unauthorized withdrawal of approximately $600,000 in assets due to blind signing on various Ethereum Virtual Machine (EVM) decentralized applications (dApps).
Addressing the Security Incident
The security breach, which occurred on December 14, 2023, impacted several DApps, including SushiSwap and Revoke.cash, leading to significant financial losses for users. Ledger has pledged to compensate all victims by the end of February 2024.
The company emphasized its dedication to resolving these issues promptly and fairly: “We are already in contact with many impacted users and are actively working through the specifics with them.”
Ledger is revising its policies to boost transaction security in light of the exploit. The company plans to discontinue the practice of blind signing with Ledger devices by June 2024.
This change is part of a broader initiative to collaborate with the DApp community in promoting Clear Signing. This approach allows users to verify transaction details on their Ledger devices before signing, fostering a safer and more transparent environment for digital asset transactions.
Also Read: Ledger CEO Responds to Recent Phishing Hack
