Ledger revealed that it will fully compensate individuals impacted by the ConnectKit library compromise by February 2024. The vulnerability allowed attackers to steal digital assets from users who blind-signed on EVM dApps. While the company actively engages with the affected users, it aims to continue enhancing security measures to prevent similar incidents in the future. The breach affected various DeFi projects, including SushiSwap, which warned its users not to interact with their website's frontend following the compromise.
Furthermore, Ledger is working on phasing out the Blind Signing feature and introducing Clear Signing, empowering users to verify all transactions on their devices before signing. The company emphasizes that Clear Signing is essential in mitigating front-end attacks on cryptocurrency platforms, as it enables users to see and confirm what they are signing on a secure display.