Pascal Gauthier, CEO of Ledger, recently discussed the Dec. 14 breach of the company’s wallet service in a blog post. He described the compromise of Ledger’s Javascript connector library as a “singular event” and assured the implementation of enhanced security measures. The security breach, which lasted under two hours, was quickly neutralized within 40 minutes after its detection and primarily impacted third-party decentralized applications (DApps), according to Gauthier. He explained that the breach occurred due to a phishing attack on a former employee, whose identity was purportedly found in the compromised code. He reassured that Ledger’s hardware and the Ledger Live platform remained unaffected.
Gauthier emphasized Ledger’s rigorous security protocols, stating:
“At Ledger, our standard procedure mandates that no individual can deploy code without it undergoing a thorough review by several parties. We maintain stringent access controls, conduct internal audits, and require code multi-signatures for most of our development processes. This applies to 99% of our internal systems, and we ensure that any departing employee’s access to all Ledger systems is immediately revoked.”
He labeled the incident as a regrettable, isolated case and vowed for future enhancements:
“Going forward, Ledger will introduce more robust security measures, linking our build pipeline with strict software supply chain security to the NPM distribution channel.”
Gauthier acknowledged that such a hack could potentially affect others. He confirmed that Ledger Connect Kit 1.1.8 is secure and ready for use. He expressed gratitude towards WalletConnect, Tether, Chainalysis, and ZachXBT for their support. Initially, the hack was estimated to have caused a loss of around $484,000, but according to Web3 security firm Blockaid, the figure had increased to $504,000 by 8:00 pm UTC. The company also noted that the hack could potentially impact any Ethereum Virtual Machine user who interacted with the compromised DApps.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up