Ledger seem compromised again | Bitcointalksearch.org

PrivacyG

hero member

Activity: 784

Merit: 1735

Crypto Swap Exchange

Quote from: gmaxwell on December 16, 2023, 08:12:19 PM

I wonder if Ledger is regretting their decision to support scamcoins yet? -- seams like it may ultimately cost them their business.

I doubt they do. They earned most of their income and profit through Shit Coins. Otherwise I doubt any body would have preferred Ledger on top of Trezor.

Supporting Shit Coins seems to be their purpose and priority. Unfortunately a few of us will say it was a mistake but most of their customers will keep praising them for supporting all the Coins we never really needed.

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: Abiky on December 21, 2023, 05:36:16 PM

Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed.

They maybe lost reputation among more knowledgebale userbase, but vast majorify of their users probably never even heard about recovery service and what's even worse, they wouldn't even mind using it once introduced.

Quote from: Abiky on December 21, 2023, 05:36:16 PM

Lets see if Ledger will be able to keep up with the competition.

Unfortunately, situation is opposite and Ledger is still the market leader, despite all the mistakes made in the last couple of years and imho it will need a major breach for them to lose that spot.

livingfree

hero member

Activity: 2786

Merit: 578

Quote from: Rikafip on December 20, 2023, 09:26:37 AM

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.

Quote from: https://twitter.com/Ledger/status/1737457365526470665

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.

That's good news for those affected on it. But I guess this is going to be the last time that they'd do a refund for the affected users since it is their fault.

Next time that something like this happens again, I don't think that they'll initiate a refund against the actions of these users. Both are at fault but Ledger should stop making a lot of support for these projects and should only stay to a few chosen.

Quote from: Abiky on December 21, 2023, 05:36:16 PM

Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed.

Yeah, that recover feature. That already made a huge noise on their reputation but we're not their target with such feature and sadly, despite the community's action against that. There will be newbies that will embrace that feature.

Abiky

legendary

Activity: 3192

Merit: 1362

www.Crypto.Games: Multiple coins, multiple games

Quote from: Rikafip on December 20, 2023, 09:26:37 AM

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.

Ledger already lost its reputation when it introduced a recovery service meant to restore access to your seed. The hack involving Ledger Connect only adds more fuel to the fire. Noobs won't care about this, but crypto veterans like me will start looking for other alternatives. If the majority of Ledger's customers are crypto veterans, then this will mark the end of its business for good. We are yet to see whenever the company will survive or fade away into oblivion.

For what I know, there are plenty of alternatives that put security/reliability above all else. Open source hardware wallets like Jade and Passport are starting to gain traction. Lets see if Ledger will be able to keep up with the competition. As long as we have multiple hardware wallets to choose from, nothing else matters.

headingnorth

member

Activity: 248

Merit: 36

NO SHITCOIN INSIDE

I wouldn't trust anything involving shitcoins aka altcoins, web3, dapps, nfts all just a bunch of great ways to lose your money.

All of the above are just a bunch of stupid fancy buzzwords but in reality are nothing but high tech scams that have little to nothing in common with bitcoin,
the only truly trustless and decentralized asset. Every single day for the last 10 years you hear constantly about people getting scammed with this garbage,
and yet people still don't learn.

You know what they say idiots and their money are soon parted.

MusaMohamed

sr. member

Activity: 882

Merit: 290

Quote from: joniboini on December 20, 2023, 09:25:54 PM

Eh, If I were affected I'd probably stop using them even after they reimburse me. This blind signing aside, they made many questionable decisions in the last few months that users should be aware of.

Did you imply about their new product, Ledger Recover?

Ledger Recover and Ledger Recover FAQs

That new product from Ledger is sucky as the root cause to use a hardware wallet is to have our control on our wallet private keys/ wallet mnemonic seeds and don't rely on any party to have access to private keys, wallet seeds and our bitcoin.

Months ago, with release of Ledger Recover product, they give Ledger users an option to back up wallets with engagement of three parties. It sucks!

Quote

The more worrying thing is the reliance on their connectkit by dapps developers. They should improve their internal security and fix how a new update is published so that one phishing attack doesn't result in the same thing, while developers try to build/use alternatives so that they don't make chain attacks easier. CMIIW.

It is bad idea from Ledger developers but users themselves have own responsibilities too.

Hardware wallets must be used for storing their main capital.

If they want to interact with smart contracts, new projects, they must move their cryptocurrencies from a hardware wallets to some different smaller wallets. And they can use those wallets for smart contract interaction explorations, with other wallets like Metamask, MyEtherwallets and more.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: benalexis12 on December 20, 2023, 10:50:36 AM

But since they have a reimbursement to make to those affected by that issue, for sure their users will be happy, and this is good news for them so that their trust will still remain in the ledger. That's how I see it, and that's a good step.

Eh, If I were affected I'd probably stop using them even after they reimburse me. This blind signing aside, they made many questionable decisions in the last few months that users should be aware of. The more worrying thing is the reliance on their connectkit by dapps developers. They should improve their internal security and fix how a new update is published so that one phishing attack doesn't result in the same thing, while developers try to build/use alternatives so that they don't make chain attacks easier. CMIIW.

Dunamisx

hero member

Activity: 854

Merit: 539

★Bitvest.io★ Play Plinko or Invest!

Quote from: KiaKia on December 14, 2023, 10:24:33 AM

If you are using ledger hardware wallet please do not connect to any dapps right now until futher notice, it seems this hardware wallet is freaking too vulnerable to attacks right now.

It was back then when ledger hardware wallet was making fame because users find nothing against it used and will always want to have it among the most recommended wallets, but now things are no more like that with the same hardware wallet, ledger has compromised privacy and data leak, we need to get used to this related activities because that is one of the reasons we must always stay updated to know about the security challenges or privacy bridge from any of the kinds of wallet we are using.

Gladitorcomeback

hero member

Activity: 644

Merit: 591

#SWGT CERTIK Audited

Quote from: Rikafip on December 20, 2023, 09:26:37 AM

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.

There is no way except this step to retain the trust of crypto users and web3 platforms. This is positive news for all users whose wallet drained especially lost big. Besides reimbursing the plan for tighten the security is also good news where signing system will be become strong.

Online security plays an important role in the world of cryptocurrency. Cryptocurrencies are considered secure because it's operate on a blockchain however this type of incident will create fear so it should be tighten in extreme level so that no one even think about breaking security.

benalexis12

full member

Activity: 798

Merit: 117

Quote from: Rikafip on December 20, 2023, 09:26:37 AM

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.

Quote from: https://twitter.com/Ledger/status/1737457365526470665

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.

That's good news if the ledger is going to do that for the users of the ledger who are affected by what has already been compromised. Actually, this incident that happened is quite alarming.

But since they have a reimbursement to make to those affected by that issue, for sure their users will be happy, and this is good news for them so that their trust will still remain in the ledger. That's how I see it, and that's a good step.

Rikafip

legendary

Activity: 1722

Merit: 5937

Good news for all those that lost money in recent hack (I hope no one here was affected) as Ledger just announced via Twitter that they plan to reimburse all those that lost their money ($600k). Plan is to reiumburse everyone until end of February 2024. I guess they realized that their reputation is fucked so know they are trying to smoothen things up.

Quote from: https://twitter.com/Ledger/status/1737457365526470665

We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe.

We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps.

Ledger will make sure victims affected will be made whole, and are committing to work with the DApp ecosystem to allow Clear Signing, and no longer allow Blind Signing with Ledger devices by June 2024.

Read more:

We affirm our CEO & Chairman @_pgauthier’s promise to make sure victims who had their assets stolen on Dec 14th, 2023 by the attacker together with angel drainer are made whole, including users who are not Ledger customers.

We commit, by any way possible, including gestures of goodwill, to make sure this is done by the end of February, 2024. We are already in contact with many impacted users and are actively working through the specifics with them.

gmaxwell

staff

Activity: 4172

Merit: 8419

I wonder if Ledger is regretting their decision to support scamcoins yet? -- seams like it may ultimately cost them their business.

It's hard enough to handle bitcoin securely, but to handle alternatives whose designs have big security problems and then to support a thousand of them? It's a recipe for disaster on the basis of complexity alone.

Text

hero member

Activity: 2352

Merit: 588

Bitcoin Casino Est. 2013

According to recent reports, Ledger’s Connect Kit software was compromised, and over $600K in crypto was reportedly drained. Ledger issued an update to its software a few hours after the incident, but users are advised to be cautious about interacting with apps for now. However, it’s important to note that Ledger’s software inside of the hardware wallet was not compromised. The issue lies with the Ledger Connect Kit software, not the hardware wallet itself. So, while your crypto assets should still be secure, it’s recommended to avoid connecting to any decentralized applications temporarily until further notice.

https://economictimes.indiatimes.com/news/international/us/why-has-hardware-wallet-manufacturer-ledger-warned-users-not-to-connect-to-any-dapps/articleshow/106000442.cms
https://insidebitcoins.com/news/ledgers-crypto-nft-hardware-wallet-got-hacked-over-600k-crypto-drained
https://finance.yahoo.com/news/ledger-wallets-drained-crypto-latest-165413366.html

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: Jaycoinz on December 16, 2023, 03:11:23 AM

the CEO is claiming their doing everything under their power to actually maintain the issue from getting out of hand but it would be best for everyone that is using the wallet to actually lay off and stay on a low because it's better to play safe than be ignorant and suffer the cost.

The issue is related to their dapps software, not the HW itself as far as I understand it. Basically a lot of dapps use their connectkit to interact with web3 wallet and somebody managed to publish a fake version of it. While they've published the right version, people should at least their browser cache to ensure they don't cache the fake version. It doesn't matter whether you use Ledger HW or not, as long as your favorite dapps use Ledger's connectkit, you're at risk if you don't do that.

Ledger should improve how they educate their employees since all of this happens because of a phishing attack, which in theory should not be unfamiliar for people who work at a crypto company.

Jaycoinz

full member

Activity: 280

Merit: 151

God is All

Quote from: adaseb on December 16, 2023, 02:00:33 AM

All over Twitter people are filming themselves destroying their ledgers. This is numerous times that something like this has happened. Do you feel safe storing your crypto this way?

Ledger needs to be open sourced and the chances of this happening will be lower, however since they are for profit they obviously aren’t going to do that.

Best cold storage these days is anything that is open sourced.

I don't have any business with ledger wallet whatsoever but its seem the hack was really big although the CEO is claiming their doing everything under their power to actually maintain the issue from getting out of hand but it would be best for everyone that is using the wallet to actually lay off and stay on a low because it's better to play safe than be ignorant and suffer the cost.

Aslo read this article ledger wallet hack about some of the stolen assets worth $60000 has been frozen by the appropriate network in charge of the transaction.

pinggoki

sr. member

Activity: 1442

Merit: 390

★Bitvest.io★ Play Plinko or Invest!

Whoever was the weakest link in the backend of Ledger is going to have his ass handed to him, this isn't just some minor issue because a lot of people have trusted Ledger for a really long time and this happening to them is definitely a damage to their reputation. Hopefully the problem is going to be addressed and that they will find some way to compensate the people that was a victim of the hack and that the authorities are on the case because this is the type of cyber criminal that needs to be punished, no way that there's no malice involved in doing this unlike most hackers that do it for the challenge or the thrill.

Litzki1990

sr. member

Activity: 1190

Merit: 296

Currently users are facing several issues with this hardware wallet. It is believed that users are facing such problems due to their security system being weak. This company once had a good reputation but due to weak security systems, their reputation has been ruined and their user base has dropped drastically. They are finding it difficult to survive in the market as they are now and not sure if this company can survive at all.

SamReomo

hero member

Activity: 784

Merit: 672

Top Crypto Casino

Quote from: KiaKia on December 14, 2023, 10:24:33 AM

If you are using ledger hardware wallet please do not connect to any dapps right now until futher notice, it seems this hardware wallet is freaking too vulnerable to attacks right now.

I have been seeing that news on many Telegram channels that I have subscribed and other social media platforms are also reporting that news. If that's the case then one should be careful with the Ledger wallet. That's why I always recommend everyone to use open-source software base wallet instead of relying on hardware wallets.

The open-source software wallets are much secure as compare to the hardware wallets and I believe the ones who rely on hardware wallets can be huge troubles. Trusting someone's hardware is a risky thing and that's why I believe software based personal wallets works like a charm. I would prefer to go with Electrum as that's the one I use and I will always recommend it.

I hope that users will be safe from this hack and they may not lose any of their funds due to the hardware wallet vulnerabilities. A reminder to those who save their Bitcoin on hardware wallets. Kindly, go with an open source software wallet and an air gapped system to be secure as a Bitcoin holder.

Zaguru12

hero member

Activity: 672

Merit: 855

Quote from: adaseb on December 16, 2023, 02:00:33 AM

All over Twitter people are filming themselves destroying their ledgers. This is numerous times that something like this has happened. Do you feel safe storing your crypto this way?

I think this one of the last stroke for people using Ledger hardware wallets, they might not be affected yet especially people storing only bitcoin but what happens next? Their new recovery policy was already a warning and after this I would say people should be careful about the product.

Quote

Ledger needs to be open sourced and the chances of this happening will be lower, however since they are for profit they obviously aren’t going to do that.

They have actually opted to go for open source after the recovery saga and many users complained I don’t know if they have implemented it or not but still that won’t bring back the trust that has already been broken.

Quote

Best cold storage these days is anything that is open sourced.

Not that open source wallet are even 100% temper proof from hacks even the likes of Trezor still have there vulnerabilities although with the code public users who are tech savvy can easily dictate a back door even though not all. I will consider a cold wallet set up by me personally on an airgap device more secure this days.

NeilLostBitCoin

sr. member

Activity: 868

Merit: 303

I have a Ledger hardware wallet, but I don't feel safe storing it here because it has been compromised before. If there is more news of it being compromised again, I would be forced to sell it.

Quote from: adaseb on December 16, 2023, 02:00:33 AM

All over Twitter people are filming themselves destroying their ledgers. This is numerous times that something like this has happened. Do you feel safe storing your crypto this way?
Ledger needs to be open sourced and the chances of this happening will be lower, however since they are for profit they obviously aren’t going to do that.
Best cold storage these days is anything that is open sourced.

I don't think the company will refrain from doing such things because it's their business and they want to earn more profit. However, I hope they will take all the necessary measures to prevent such incidents from happening again in the future. If this issue persists, it could damage the reputation of the company. Who knows if potential customers will trust their hardware wallet if there are always security issues?

Topic: Ledger seem compromised again (Read 339 times)