Hardware cryptocurrency wallet provider Ledger says it will reimburse all affected users in the aftermath of the Ledger Connect Kit exploit.
Ledger took to X (formerly Twitter) on Dec. 20 to announce that the firm is aware of roughly $600,000 in assets impacted or stolen from users through blind signing on Ethereum Virtual Machine (EVM) decentralized applications (DApps).
Multiple decentralized applications using Ledger’s connector library — including SushiSwap and Revoke.cash — were compromised on Dec. 14, 2023, resulting in massive losses by investors.
According to the new announcement, Ledger will ensure that affected victims will be made whole and repaid. The firm stated:
“We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.”
In addition, Ledger will continue to work with the DApp ecosystem to allow clear signing but will no longer allow blind signing with Ledger devices. Ledger expects to sunset blind signing with Ledger devices by June 2024.
“Our commitment is to work with the community and DApp ecosystem to allow Clear Signing so users can verify all transactions on Ledger devices before signing. This will lead to a new standard to protect users and encourage Clear Signing across DApps,” the announcement added.
This is a developing story, and further information will be added as it becomes available.