Ledger seem compromised again

[gmaxwell]

I wonder if Ledger is regretting their decision to support scamcoins yet? -- seams like it may ultimately cost them their business.

It's hard enough to handle bitcoin securely, but to handle alternatives whose designs have big security problems and then to support a thousand of them? It's a recipe for disaster on the basis of complexity alone.

[Rikafip]

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.  

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.

[benalexis12]

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.  

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.

That's good news if the ledger is going to do that for the users of the ledger who are affected by what has already been compromised. Actually, this incident that happened is quite alarming.

But since they have a reimbursement to make to those affected by that issue, for sure their users will be happy, and this is good news for them so that their trust will still remain in the ledger. That's how I see it, and that's a good step.

[Gladitorcomeback]

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.  

There is no way except this step to retain the trust of crypto users and web3 platforms. This is positive news for all users whose wallet drained especially lost big. Besides reimbursing the plan for tighten the security is also good news where signing system will be become strong.

Online security plays an important role in the world of cryptocurrency. Cryptocurrencies are considered secure because it's operate on a blockchain however this type of incident will create fear so it should be tighten in extreme level so that no one even think about breaking security.

[Dunamisx]

If you are using ledger hardware wallet please do not connect to any dapps right now until futher notice, it seems this hardware wallet is freaking too vulnerable to attacks right now.

It was back then when ledger hardware wallet was making fame because users find nothing against it used and will always want to have it among the most recommended wallets, but now things are no more like that with the same hardware wallet, ledger has compromised privacy and data leak, we need to get used to this related activities because that is one of the reasons we must always stay updated to know about the security challenges or privacy bridge from any of the kinds of wallet we are using.

[joniboini]

But since they have a reimbursement to make to those affected by that issue, for sure their users will be happy, and this is good news for them so that their trust will still remain in the ledger. That's how I see it, and that's a good step.

Eh, If I were affected I'd probably stop using them even after they reimburse me. This blind signing aside, they made many questionable decisions in the last few months that users should be aware of. The more worrying thing is the reliance on their connectkit by dapps developers. They should improve their internal security and fix how a new update is published so that one phishing attack doesn't result in the same thing, while developers try to build/use alternatives so that they don't make chain attacks easier. CMIIW.

[MusaMohamed]

Eh, If I were affected I'd probably stop using them even after they reimburse me. This blind signing aside, they made many questionable decisions in the last few months that users should be aware of.

Did you imply about their new product, Ledger Recover?

Ledger Recover and Ledger Recover FAQs

That new product from Ledger is sucky as the root cause to use a hardware wallet is to have our control on our wallet private keys/ wallet mnemonic seeds and don't rely on any party to have access to private keys, wallet seeds and our bitcoin.

Months ago, with release of Ledger Recover product, they give Ledger users an option to back up wallets with engagement of three parties. It sucks!

The more worrying thing is the reliance on their connectkit by dapps developers. They should improve their internal security and fix how a new update is published so that one phishing attack doesn't result in the same thing, while developers try to build/use alternatives so that they don't make chain attacks easier. CMIIW.

It is bad idea from Ledger developers but users themselves have own responsibilities too.

Hardware wallets must be used for storing their main capital.

If they want to interact with smart contracts, new projects, they must move their cryptocurrencies from a hardware wallets to some different smaller wallets. And they can use those wallets for smart contract interaction explorations, with other wallets like Metamask, MyEtherwallets and more.

[headingnorth]

I wouldn't trust anything involving shitcoins aka altcoins, web3, dapps, nfts all just a bunch of  great ways to lose your money.

All of the above are just a bunch of stupid fancy buzzwords but in reality are nothing but high tech scams that have little to nothing in common with bitcoin,
the only truly trustless and decentralized asset. Every single day for the last 10 years you hear constantly about people getting scammed with this garbage,
and yet people still don't learn.

You know what they say idiots and their money are soon parted.

[Abiky]

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.

Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed. The hack involving Ledger Connect only adds more fuel to the fire. Noobs won't care about this, but crypto veterans like me will start looking for other alternatives. If the majority of Ledger's customers are crypto veterans, then this will mark the end of its business for good. We are yet to see whenever the company will survive or fade away into oblivion.

For what I know, there are plenty of alternatives that put security/reliability above all else. Open source hardware wallets like Jade and Passport are starting to gain traction. Lets see if Ledger will be able to keep up with the competition. As long as we have multiple hardware wallets to choose from, nothing else matters.

[livingfree]

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.  

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.

That's good news for those affected on it. But I guess this is going to be the last time that they'd do a refund for the affected users since it is their fault.

Next time that something like this happens again, I don't think that they'll initiate a refund against the actions of these users. Both are at fault but Ledger should stop making a lot of support for these projects and should only stay to a few chosen.

Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed.

Yeah, that recover feature. That already made a huge noise on their reputation but we're not their target with such feature and sadly, despite the community's action against that. There will be newbies that will embrace that feature.

[Rikafip]

Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed.

They maybe lost reputation among more knowledgebale userbase, but vast majorify of their users probably never even heard about recovery service and what's even worse, they wouldn't even mind using it once introduced.

Lets see if Ledger will be able to keep up with the competition.

Unfortunately, situation is opposite and Ledger is still the market leader, despite all the mistakes made in the last couple of years and imho it will need a major breach for them to lose that spot.

[PrivacyG]

I wonder if Ledger is regretting their decision to support scamcoins yet? -- seams like it may ultimately cost them their business.

I doubt they do.  They earned most of their income and profit through Shit Coins.  Otherwise I doubt any body would have preferred Ledger on top of Trezor.

Supporting Shit Coins seems to be their purpose and priority.  Unfortunately a few of us will say it was a mistake but most of their customers will keep praising them for supporting all the Coins we never really needed.