Ledger strengthens security measures following isolated hacking incident
Pascal Gauthier, CEO of Ledger, responded to the December 14 hack of the wallet provider in a post on the company's blog. He calls the hack of Ledger's Javascript connector library an "isolated incident" and promises to strengthen security controls. Ledger is committed to helping those affected recover their assets.
The hack lasted less than two hours and was quickly disabled. It was limited to third-party decentralized applications (DApps). It was made possible after a phishing scam targeting a former employee. Ledger hardware and the Ledger Live platform have not been affected.
Ledger has strict security measures in place, with multiple reviews and signatures for most elements of the development. Any employee who leaves the company has their access revoked for each Ledger system. To enhance security, Ledger will connect its build pipeline to the NPM software supply chain.
Pascal Gauthier considers this hack to be an isolated incident. He thanks WalletConnect, Tether, Chainalysis and ZachXBT for their help. The size of the hack is estimated at $504,000 as of 8 p.m. UTC. It could affect Ethereum Virtual Machine users who interacted with the affected DApps.
