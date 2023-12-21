Buy Crypto
Markets
Trade
Spot
Buy and sell on the Spot market with advanced tools
Margin
Increase your profits with leverage
P2P
Buy & sell cryptocurrencies using bank transfer and 800+ options
Convert & Block Trade
The easiest way to trade at all sizes
Trading Bots
Trade smarter with our various automated strategies - easy, fast and reliable
Copy Trading
Follow the most popular traders
APIs
Unlimited opportunities with one key
Futures
USDⓈ-M Futures
Contracts settled in USDT
COIN-M Futures
Contracts settled in cryptocurrency
Options
USDT Options with limited downside and affordable entry
Earn
Square
Square
Stay informed with everything crypto
Academy (Learn & Earn)
Earn crypto by learning about blockchain
Blog
Expand your knowledge and get the latest insights
Research
Institutional-grade analysis, in-depth insights, and more
More
VIP & Institutional
Your trusted digital asset platform for VIPs and institutions
Launchpad
Discover and gain access to new token launches
Mining Pool
Mine more rewards by connecting to the pool
Pay
Send, receive and spend crypto
Loans
Get an instant loan secured by crypto assets
NFT
Explore NFTs from creators worldwide
Fan Token
Discover an all-new fandom and unlock unlimited fan experiences
Web3 Wallet
Meet the next-generation Web3 wallet
BNB Chain
The most popular blockchain to build your own dApp
Charity
Blockchain empowers charity to be more transparent, efficient, and traceable
Cancel
Flash news
copy link
create picture
more

Ledger to Disable Blind Signing for EVM DApps by June 2024, Compensate Victims of Recent Exploit

Binance News
2023-12-21 09:28
Full disclaimer: This platform includes third party opinions. We do not endorse their accuracy. Digital asset prices can be volatile. Do your own research. See full terms here.
According to CryptoPotato, Ledger, a hardware wallet manufacturer, has announced plans to disable blind signing for Ethereum Virtual Machine (EVM) decentralized applications (DApps) by June 2024. The decision comes in response to an exploit where a wallet drainer was added to a library utilized by numerous DApps to connect to Ledger devices. The company revealed that approximately $600,000 in crypto assets were stolen during the recent exploit and committed to compensating affected victims. Ledger declared that it would discontinue the practice of blind signing with Ledger devices by June 2024, aiming to establish a new standard to enhance user protection and promote clear signing across decentralized applications. In the recent exploit last week, developers on Twitter identified a malicious version of the Ledger Connect Kit, a library facilitating the connection between Ledger devices and DApps. According to Web3 security firm BlockAid, the attacker injected a wallet-draining payload into the Ledger Connect Kit’s NPM package, allowing them to drain funds from users who signed on DApps like Sushi.com and Hey.xyz. MetaMask, a software wallet developer, cautioned users to “stop using DApps” following news of the attack. Ledger confirmed that the attack occurred due to a former employee falling victim to a phishing attack, which allowed the attacker to access the former employee’s NPMJS account and push a malicious version of the Ledger Connect Kit. This compromised Connect Kit rerouted user funds from any wallet connecting to a DApp using it to the hacker’s wallet. Ledger responded swiftly, deploying a fix within 40 minutes of its security teams alerting it. A new version of the Connect Kit (1.1.8) has been released. The exploit did not compromise Ledger devices and the Ledger Live app.
View full text