In addition to reimbursing the users affected by the exploit, Ledger plans to remove the Blind Signing procedure from its devices by June 2024.
In an official statement on December 20, following last week’s exploit, Ledger announced that it will disable the Blind Signing procedure for EVM decentralized applications (dApps) by the end of June 2024. The company also gave assurances that the victims of the exploit will be reimbursed for their lost funds. According to Ledger’s report, the attack resulted in the theft of approximately $600,000 in cryptocurrencies.
Transition to Clear Signing in the near future
The Blind Signing procedure displays the smart contract data to be signed in a format that computers can interpret but a human reader cannot understand. Ledger, however, has consistently advocated for an approach known as ‘what you see is what you sign,’ referred to as Clear Signing, where the smart contract data to be signed is presented in a format readable by humans.
In its announcement, Ledger hinted that the transition from Blind Signing mode ‘will lead to a new standard of user protection and promote the use of Clear Signing in dApps.’ The company expressed the hope that dApp developers will support this shift towards such an approach.
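
The difference between Blind Signing and Clear Signing described above, shown as an added illustration that is not Ledger's code or part of the original article: the sketch takes raw EVM call data of the kind a blind-signing prompt shows and renders it as readable fields, returning nothing when the call cannot be decoded. The function names, token symbol, decimals and sample addresses are assumptions constructed for the example; the two selectors are the standard ERC-20 `approve` and `transfer` calls.

```python
# Added illustration, not Ledger's implementation. Only two standard ERC-20
# calls are recognised; token symbol and decimals are assumed inputs.
KNOWN_CALLS = {
    "095ea7b3": ("approve", "spender"),     # approve(address,uint256)
    "a9059cbb": ("transfer", "recipient"),  # transfer(address,uint256)
}
UNLIMITED = 2**256 - 1  # common "infinite allowance" value


def format_amount(raw, decimals, symbol):
    """Render an integer token amount without float rounding."""
    if raw == UNLIMITED:
        return "UNLIMITED " + symbol
    whole, frac = divmod(raw, 10**decimals)
    frac_text = str(frac).zfill(decimals).rstrip("0")
    return (f"{whole}.{frac_text}" if frac_text else str(whole)) + " " + symbol


def clear_sign_view(calldata_hex, decimals=18, symbol="TOKEN"):
    """Return human-readable fields, or None if the call cannot be decoded."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if any(c not in "0123456789abcdef" for c in data):
        return None
    selector, args = data[:8], data[8:]
    # Exactly two 32-byte ABI words are expected after the selector.
    if selector not in KNOWN_CALLS or len(args) != 128:
        return None
    action, role = KNOWN_CALLS[selector]
    addr_word, amount_word = args[:64], args[64:]
    if addr_word[:24] != "0" * 24:  # addresses are left-padded to 32 bytes
        return None
    return {
        "action": action,
        role: "0x" + addr_word[24:],
        "amount": format_amount(int(amount_word, 16), decimals, symbol),
    }


# Constructed sample inputs (the addresses are placeholders, not real accounts).
SAMPLE_APPROVE = "0x095ea7b3" + "0" * 24 + "11" * 20 + "f" * 64
SAMPLE_TRANSFER = "0xa9059cbb" + "0" * 24 + "22" * 20 + format(15 * 10**17, "064x")

if __name__ == "__main__":
    for sample in (SAMPLE_APPROVE, SAMPLE_TRANSFER, "0xdeadbeef"):
        print(sample[:18] + "...", "->", clear_sign_view(sample))
```

A `None` result is the case a clear-signing policy has to handle explicitly: the data cannot be shown in readable form, so the prompt should be refused rather than displayed as raw hex.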