The post Ledger shares follow-up on last week’s security incident appeared on BitcoinEthereumNews.com.

Ledger witnessed a security incident on December 14, 2023, affecting $600k in assets. It has now published an incident report detailing how the event played out. The incident began with one of the employees becoming a victim of a phishing attack that granted the hacker access to the NPMJS account, thereby publishing a malicious version of Ledger Connect Kit. The incident has been resolved, and Ledger has expressed his commitment to helping affected users. Customers will be assisted by the end of February 2024. A precautionary measure has also been announced. Ledger has said that it is in talks with dApp developers to no longer allow Blind Signing. They have been asked to transition to Clear Signing. Customers will now be able to verify a transaction that they are consenting to. By June 2024, Blind Sign will be no longer available. Clear signing will then run across the dApp ecosystem. Users have been asked to be careful about their engagement with dApps and not click on anything that looks suspicious. Customers who were affected by the incident can get in touch with the Ledger team and seek necessary corrections. Ledger devices and Ledger Live were not exposed to exploitation, and they remain safe to use, per the announcement. The community has appreciated the team for this measure. The majority of members have stated that the adoption of Clear Signing is a significant security improvement and are hoping that no compatibility issues will arise with the update. The genuine version of the Ledger Connect Kit is currently live. It improves over the previous versions, 1.1.5, 1.1.6, and 1.1.7. Pascal Gauthier, the Chairman and Chief Executive Officer of Ledger, was quick enough to address the concern on December 14, 2023, with a letter assuring that they were working with relevant agencies to…

---

Filed under: News - @ December 21, 2023 10:30 am