Ledger Commits To Full Restitution For Victims Of $600,000 ConnectKit Attack

Hardware wallet manufacturer Ledger has responded to a recent security breach resulting in the theft of $600,000 worth of user assets. 

The company has pledged to enhance its security protocols by eliminating Blind Signing, a process where transactions are displayed in code rather than plain language, by June 2024.

Ledger Takes Responsibility For ConnectKit Attack

In a statement, Ledger emphasized its focus on addressing the recent security incident and preventing similar occurrences in the future. 

The company acknowledged the approximately $600,000 in assets that were impacted by the ConnectKit attack, particularly affecting users blind signing on Ethereum Virtual Machine (EVM) decentralized applications (dApps). 

Furthermore, Ledger pledged to make sure affected victims are fully compensated, including non-Ledger customers, with CEO & Chairman Pascal Gauthier personally overseeing the restitution process. 

According to the statement, Ledger has already initiated contact with affected users and is actively working with them to resolve their specific cases.

In addition, by June 2024, blind signing will no longer be supported on Ledger devices, contributing to a “new standard of user protection” and advocating for “Clear Signing,” which refers to a process that allows users to verify transactions on their Ledger devices before signing them across dApps.

On this matter, Ledger’s CEO Pascal Gauthier stated:

“My personal commitment: Ledger will dedicate as much internal and external resources as possible to help the affected individuals recover their assets.”

Heightened dApp Security Measures

According to an incident report released by the hardware wallet manufacturer, the attack exploited the Ledger Connect Kit, injecting malicious code into dApps utilizing the kit. 

This malicious code redirected assets to the attacker’s wallets, tricking EVM dApp users into “unknowingly signing transactions” that drained their wallets. 

Ledger addressed the attack by deploying a genuine fix for the Connect Kit within 40 minutes of detection. The compromised code remained accessible for a limited time due to the nature of content delivery networks (CDNs) and caching mechanisms.

Ledger acknowledged the risks faced by the entire industry in safeguarding users and emphasized the need to continually raise the bar for security in dApps. 

The company plans to strengthen its access controls, conduct audits of internal and external tools, reinforce code signing, and improve infrastructure monitoring and alerting systems. 

Additionally, Ledger will educate users on the importance of Clear Signing and the potential risks associated with blind signing transactions without a secure display.

Notably, with Clear Signing, users are presented with a clear and readable representation of the transaction details, enabling them to review and validate the transaction before providing their signature. 

This added layer of transparency and verification helps users mitigate the risks associated with front-end attacks or malicious code injected into decentralized applications.

Featured image from Shutterstock, chart from TradingView.com

Solana-Based Aurory Suffers Devastating Exploit: 80% Of Liquidity Gone

Aurory (AURY), a blockchain-based tactical Japanese role-playing game built on Solana (SOL), recently experienced a significant liquidity loss in its Camelot’s AURY-USDC pool. 

The incident occurred due to a hack on the SyncSpace bridge, which resulted in the unauthorized withdrawal and subsequent market sale of approximately 600,000 AURY tokens on the Arbitrum (ARB) network. 

Aurory SyncSpace Bridge Hacked

In an official statement released on December 17, Aurory’s team disclosed the details of the incident. The team detected unusual activity on their marketplace and promptly initiated an investigation, which revealed that a malicious actor had exploited the marketplace’s buy endpoint. 

This exploit allowed the attacker to inflate their AURY balance in SyncSpace, enabling them to withdraw around 600,000 tokens to the Arbitrum network. The attacker then liquidated the stolen amount by selling it in the market.

To protect user funds, SyncSpace was promptly disabled for maintenance, temporarily suspending deposits and withdrawals. Importantly, the statement assured that no user funds or non-fungible tokens (NFTs) were lost or at risk during the incident. 

The AURY tokens originated from a team wallet used to facilitate withdrawals for accounts that had not previously deposited AURY.

Exploit Mitigated

The Aurory statement emphasized that the exploit is no longer ongoing, as SyncSpace remains offline for maintenance. As a result, there is currently no risk of further exploits. Additionally, it was confirmed that the attacker has exhausted their AURY supply and no longer possesses any tokens to sell.

Moreover, SyncSpace will investigate further to determine how the exploit went undetected despite the previous expert audit. 

The team also plans to release a comprehensive post-mortem report once the necessary fixes have been implemented and the investigation concludes. They expect SyncSpace to be back online in the coming days.

Since October 30, the price of Aurory’s token, AURY, has experienced a significant upward trend, culminating in a yearly high of $1.9008 on December 12. However, following the recent exploit, the price of AURY has retraced to $1.0868, marking a decline of 23.5% over the past 24 hours and 36.5% over the past seven days. 

Despite this setback, AURY still boasts substantial gains of 74% and 70% over the 30-day and one-year periods, respectively.

The market now waits to see whether the token’s support lines at $0.9681 and $0.9086 will be able to halt the potential continuation of the price drop or if they will succumb to the prevailing downtrend, putting a significant portion of its 2023 gains at risk.

Argentina Welcomes First Pro-Bitcoin President, BTC Price Surges Above $37,000

In a historic moment for both the nation and the crypto community, Argentina has ushered in a new era by welcoming its first-ever pro-Bitcoin President.

Argentina Elects Pro Bitcoin President

On November 19, Argentina released the results of its presidential election. Reports of the election results reveal that right-wing libertarian and Bitcoin advocate Javier Milei won almost 56% out of the 90% of votes counted, while his rival candidate, Minister Sergio Massa, garnered 44% of the votes.

The momentous victory positions Milei as the face of a new era in Argentina, marked by his stated commitment to solving inflationary problems in the country by abolishing the country’s Central Bank and using digital currencies like Bitcoin. 

In a public victory speech to his supporters in Buenos Aires, Milei declared that the transformative process of Argentina had just begun and the country was on its way to economic recovery. He promised to work with all the nations to help develop Argentina and make it a better country. 

“Today begins the reconstruction of Argentina. Today begins the end of Argentina’s decline. The model of decadence has come to an end. There is no way back,” Milei stated. 

He further added that “Argentina will return to its place in the world that it should never have lost. We are going to work shoulder-to-shoulder with all nations of the free world, to help build a better world.”

Former President of the United States, Donald Trump, commended Milei on securing victory in the Argentinian Presidential election. He expressed his pride in Milei’s incredible feat and stated his anticipation for Milei’s efforts in restoring Argentina.

“Congratulations to Javier Milei on a great race for President of Argentina. The whole world was watching! I am very proud of you. You will turn your Country around and truly Make Argentina Great Again,” Trump stated.

BTC Price Surges As Argentina Embraces New Era Of Crypto

Following the news of Javier Milei’s victory in Argentina’s Presidential elections, Bitcoin price has been on an upward trend, trading above the $37,000 mark. The price of the cryptocurrency at the time of writing is $37,199 according to CoinMarketCap. 

One of Milei’s primary policy plans as Argentina’s President is to discontinue the use of the Argentinian peso and adopt the United States Dollar as the country’s main currency. He has also mulled over the introduction of Bitcoin as a potential legal tender and declared possibilities of launching a Central Bank Digital Currency (CBDC) in Argentina. 

While the proposals aim to significantly reduce the long-lasting inflationary crisis in the Argentinian economy, the involvement of Bitcoin could potentially herald a new wave of economic growth for the crypto industry.

Bitcoin price chart from Tradingview.com (Argentina)