JAKARTA - Ledger, one of the world's leading crypto security companies, recently became a victim of a phishing attack targeting users who used the blind signing feature on decentralized applications (dApps) based on Ethereum Virtual Machine (EVM).
For information only, the blind signing feature allows users to agree to a smart contract transaction without knowing the details.
This phishing attack takes advantage of the weakness of the feature to send malicious codes that can drain user funds from their crypto wallets. A number of popular decentralized applications, such as Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, were affected by this attack.
SEE ALSO:
Knowing the incident, Ledger did not remain silent and immediately took important steps to address this issue. Ledger identified and fixed the malicious code at 13:35 UTC, just hours after the phishing attack was carried out.
The company is also committed to helping affected users and trying to recover their funds before the end of February 2024.
In addition, Ledger also plans to cooperate with the dApp ecosystem to implement the Clear Signing feature, which will display smart contract transaction details on the Ledger device screen, so that users can verify before approving it.
This feature is expected to prevent future phishing attacks. Ledger also decided to stop using his device for blind signings before June 2024.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)