Hardware wallet company Ledger is responding to a recent security vulnerability in its products that came to light earlier this month.
On December 14, Ledger announced that one of its employees fell victim to a phishing attack that allowed a bad actor to publish a malicious version of the Ledger Connect Kit, affecting users connecting to decentralized applications (DApps).
Following the exploit, Tether, the world’s largest stablecoin issuer, froze the attacker’s USDT address, preventing much of the money from being moved any further.
In a rack On social media platform
“We are committed in every way, including gestures of goodwill, to ensuring this happens by the end of February 2024. We are already in contact with many affected users and are actively working on the details with them.
We remind users that if you were to sign a transaction on the affected DApps on December 14, 2023, best security practices would recommend revoking all authorized transactions to further reduce the impact of the malicious code.”
Ledger says it will also disable the option to blind sign transactions in the future. Typically, users must “sign” transactions before a smart contract can interact with their wallet, and blind signing allows them to skip the process, which Ledger wants to prohibit for its users.
“Front-end attacks have happened many times before and will continue to plague our ecosystem. The only foolproof countermeasure to these types of attacks is to always verify what you agree to on your device.”