'Ledger CEO Pascal Gauthier Responds to Recent Hack, Promises Strengthened Security Measures'
Summary:
Pascal Gauthier, the CEO of Ledger, addressed the recent cyberattack on the company's blog, calling it an "isolated incident" and vowing for improved security measures. The breach, orchestrated through a phishing scam targeting a former employee, affected Ledger's Javascript connector library but spared its hardware and Ledger Live platform. While the initial estimates of loss stood at $484,000, it later rose to $504,000. Gauthier sealed his statement by reassuring that Ledger's Connect Kit is secure and thanking several companies for their assistance.
Pascal Gauthier, Chief Executive Officer at Ledger, has opened up about the Dec. 14 cyber breach involving the company's wallet in a blog post. He described the hack, which targeted Ledger's Javascript connector library, as a "single occurrence," pledging robust advances in security measures. He reaffirmed his personal commitment to allocating both internal and external resources to assist victims in recovering their assets.
Gauthier clarified that the exploit, which operated for under two hours, was deactivated within just 40 minutes of its detection and was restricted to third-party DApps. According to him, the gateway for the attack was a former worker falling prey to an online scam, whose identity was found in the compromised code. The breach did not affect Ledger hardware or the Ledger Live platform. He emphasized that the company's standard procedure entails multi-checks on code deployment, stringent access control, and internal audits; procedures maintained in nearly all of their internal systems. Any exiting worker's access gets instantly revoked.
The Ledger CEO classified the incident as an "unfortunate standalone event," assuring improved security control measures which include linking their strict software supply chain security to the NPM distribution channel. He warned that a similar attack could happen elsewhere, however, reassured that the Ledger Connect Kit 1.1.8 is secure for use. Gauthier expressed his gratitude to WalletConnect, Tether, Chainalysis, and zachxbt for their help.
The damage of the hack was initially projected at $484,000. However, Blockaid, a Web3 security service, later disclosed to Cointelegraph that the amount increased to $504,000 by 20:00 UT. Any EVM user interacting with the impacted DApps may have been affected, the company revealed.
A final note mentioned the story of a Silk Road hacker who stashed $3.4B worth of Bitcoin in a popcorn tin.
Published At
12/14/2023 11:54:06 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.