Ledger Vows Compensation for $600,000 Hack Victims

Crypto hardware wallet company Ledger pledged wide-ranging responses this week after a code exploit allowed a hacker to drain an estimated $600k in user funds on December 14th.

In a lengthy X tweet, Ledger affirmed that it will fully compensate all victims impacted by the attack by the end of February 2024. This includes reimbursement for non-Ledger users caught in the crossfire.

• Committing to compensate affected users.
• By mid-2024, the wallet service provider will mandate clear signing.
• Aims to set a wider industry standard.

The company also committed to overhauling signing protocols across its wallet ecosystem by June 2024, requiring transparent ‘clear signing’ confirmation of transactions rather than hidden ‘blind signing.’

Read more: 40+ Countries Pursued Crypto Rules In 2023, But There’s A Catch

“We will make sure victims affected will be made whole and are committing to work with the DApp ecosystem to allow clear signing and no longer allow blind signing with Ledger devices by June 2024,” Ledger tweeted.

Ledger takes measures to avoid future incidents

The pledge aims to restore funds while acknowledging that security practices require improvement to prevent repeat issues. Ledger is also collaborating with dApp developers to implement more robust signing safeguards industry-wide.

By mid-2024, Ledger wallets will shift solely to clear signing, meaning users validate each transaction on their wallet screen before signing with keys stored on the secure device. This closes blind signing avenues that allow background executions like the Christmas Eve attack.

Read more: Michael Saylor: Bitcoin ETF Is The Biggest Wall Street Development In 30 Years

“The only foolproof countermeasure for this type of attack is to always verify what you consent to on your device,” Ledger said, arguing that broader ecosystem adoption of transparent signing will better safeguard users.

While hacks spur criticism, Ledger’s response aims to strengthen infrastructure and compensation to boost trust and safety as adoption widens. However, the event underscores that vigilance will remain vital as threats persist on both wallets and connected platforms.