
Protecting User Security: Ledger Disables Blind Signing for DApps to Safeguard Crypto Assets


Ledger, the hardware wallet manufacturer, has announced that it will disable blind signing for EVM decentralized applications (dapps) by June 2024, following a recent exploit that resulted in the theft of approximately $600,000 in crypto assets. Blind signing involves the display of raw smart contract signing data that can be parsed by computers but is incomprehensible to a human reader. In contrast, Ledger has advocated for a "what you see is what you sign" approach known as clear signing, which presents smart contract signing data in a human-readable form.
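To make the blind versus clear signing distinction concrete, the following added example (not Ledger's code and not part of the original article) is a simplified sketch that turns raw EVM calldata into a readable summary and falls back to the raw bytes when it cannot interpret them. It assumes the standard ERC-20 `approve` and `transfer` selectors; the function names, sample calldata and addresses are constructed for illustration.

```javascript
// Added illustration: what a blind-signing prompt shows vs. a clear-signing one.
// Selectors are the standard ERC-20 ones; all sample values are constructed.
const KNOWN = {
  '095ea7b3': { name: 'approve', params: ['spender:address', 'amount:uint256'] },
  'a9059cbb': { name: 'transfer', params: ['to:address', 'amount:uint256'] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

function decodeWord(type, word) {
  if (type === 'address') {
    // An address is the low 20 bytes of the word; the high 12 bytes must be zero.
    if (!/^0{24}/.test(word)) throw new Error('malformed address word');
    return '0x' + word.slice(24);
  }
  return BigInt('0x' + word); // uint256
}

function clearSign(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, '');
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) throw new Error('not calldata');
  const spec = KNOWN[hex.slice(0, 8)];
  const body = hex.slice(8);
  // Unknown selector or wrong argument length: only the raw bytes can be shown.
  if (!spec || body.length !== spec.params.length * 64) {
    return { clear: false, display: '0x' + hex,
             warnings: ['blind signing: data cannot be interpreted'] };
  }
  const args = {};
  spec.params.forEach((p, i) => {
    const [name, type] = p.split(':');
    args[name] = decodeWord(type, body.slice(i * 64, (i + 1) * 64));
  });
  const warnings = [];
  if (spec.name === 'approve' && args.amount === MAX_UINT256) {
    warnings.push('unlimited allowance granted to ' + args.spender);
  }
  const shown = Object.entries(args).map(([k, v]) => `${k}=${v}`).join(', ');
  return { clear: true, display: `${spec.name}(${shown})`, warnings };
}

// Constructed sample: approve(spender, 2^256 - 1)
const SAMPLE = '0x095ea7b3' + '0'.repeat(24) + 'ab'.repeat(20) + 'f'.repeat(64);
console.log('blind:', SAMPLE);
console.log('clear:', clearSign(SAMPLE));
```

The first line printed is what a blind-signing prompt amounts to; the second is the kind of summary a user can actually review, including the flag on an unlimited allowance.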

The recent exploit involved a malicious version of the Ledger Connect Kit, a library that enables Ledger devices to connect with dapps. The attacker injected a wallet-draining payload into the Ledger Connect Kit's npm package, allowing them to drain the funds of users who signed on dapps such as Sushi.com and Hey.xyz. This incident prompted software wallet developer MetaMask to warn users to stop using dapps.

Ledger has confirmed that the attack occurred due to a former employee falling victim to a phishing attack, which allowed the attacker to gain access to the former employee's NPMJS account. With this access, the attacker was able to push a malicious version of the Ledger Connect Kit that rerouted user funds from any wallet connecting to a dapp using it to the hacker's own wallet. However, Ledger has since deployed a fix to address the issue.

In response to the exploit, Ledger has announced that it will no longer allow Blind Signing with Ledger devices by June 2024. The company believes that this move will lead to a new standard that better protects users and encourages the adoption of Clear Signing across DApps. Ledger has also encouraged dapp developers to support clear signing in order to enhance security for their users.

Furthermore, Ledger has taken responsibility for the incident and has committed to compensating all affected victims for their losses. The company's commitment to making the victims whole is commendable and demonstrates its dedication to the security and well-being of its users.

In conclusion, the recent exploit that led to the theft of crypto assets has prompted Ledger to disable blind signing for EVM decentralized applications by June 2024. Ledger's move to sunset blind signing is aimed at enhancing security and promoting the adoption of clear signing across DApps. The company has taken swift action to address the issue and has committed to compensating affected victims. This incident serves as a reminder of the importance of continually strengthening security measures in the cryptocurrency industry.
