Ledger CEO Addresses Hack, Vows to Strengthen Security Measures

Isolated Incident, Stronger Security Measures Promised

Following the recent hack of its Javascript connector library, Ledger CEO Pascal Gauthier has assured users that the incident was an isolated one and that the company is committed to enhancing its security controls. The hack, which affected third-party DApps, was quickly deactivated and did not impact Ledger hardware or the Ledger Live platform.

Phishing Scam and Strong Access Controls

Gauthier explained that the hack was made possible after a former employee fell victim to a phishing scam, with their identity allegedly being left behind in the hacked code. However, Gauthier emphasized that Ledger has strict access controls in place, including internal reviews and multi-signatures for code deployment.

Implementing Stronger Security Measures

Addressing the incident as "unfortunate" but isolated, Gauthier announced that Ledger will implement stronger security controls, connecting their build pipeline to ensure strict software supply chain security. He also acknowledged the assistance provided by WalletConnect, Tether, Chainalysis, and zachxbt.

Potential Impact and Increased Hack Size

The hack initially estimated at $484,000 has been revised to $504,000 by Web3 security service Blockaid. Ledger warned that any EVM user who interacted with affected DApps could be at risk.

Source: The Guardian