The CEO of Ledger comments on the recent incident:
- The CEO of Ledger, Pascal Gauthier, describes the incident as isolated and unfortunate.
- He announced that Ledger will enhance its security system.
- As a reminder, the attack targeted Ledger’s code library.
The CEO of Ledger speaks out about the incident
The CEO of Ledger, Pascal Gauthier, recently referred to the attack on his company as a “isolated and unfortunate incident.”
The attack was made possible through a phishing campaign targeting a former employee, which granted the attackers access to the Ledger code library.
Gauthier emphasized that Ledger normally follows strict access control procedures and code reviews by multiple parties, but this attack exposed a vulnerability in these systems.
“Any employee leaving the company has their access to all Ledger systems revoked. This is an unfortunate isolated incident. It reminds us that security is not static, and Ledger must continually improve our security systems and processes.” – stated the CEO of Ledger
Enhanced security measures by Ledger
In response, Gauthier stated that Ledger will strengthen its security controls, particularly by improving security around dApps that allow “browser-based signing.”
Ledger has also acted swiftly to deploy the genuine ConnectKit and remove the malicious code in collaboration with WalletConnect, within approximately 40 minutes of its discovery. Ledger is collaborating with authorities to support affected users and track down the malicious actor involved in this attack.