Skip to main content

Featured Story

Produced by Daniel Aharonoff & Mogul Media AI

Bitcoin Spot ETFs Attract $3 Billion in One Month

Bitcoin Spot ETFs: A New Era in Investment The recent launch of Bitcoin spot exchange-traded funds (ETFs) in the United States has ushered in a remarkable financial phenomenon, capturing the attention of investors and analysts alike. Within just a month, these pioneering investment vehicles have attracted over $3 billion in net flows, a figure that notably eclipses the initial performance of gold ETFs when they made their market debut two decades ago. This trend signals not only a shift in investor sentiment but also a redefinition of traditional asset allocation strategies. For those looking to dive deeper into this area, the Comprehensive Guide to Spot Bitcoin ETFs offers valuable insights into navigating these new financial waters. Key Highlights Impressive Net Flows : Bitcoin spot ETFs have drawn over $3 billion in net flows within their first month, demonstrating robust market enthusiasm. Comparison to Gold ETFs : This performance surpasses that of gold ETFs at their inc
Post a Comment
Read more
Produced by Daniel Aharonoff & Mogul Media AI

Protecting User Security: Ledger Disables Blind Signing for DApps to Safeguard Crypto Assets

to address the issue and that all affected victims would be compensated for their losses.

Ledger, the hardware wallet manufacturer, has announced that it will disable blind signing for EVM decentralized applications (dapps) by June 2024, following a recent exploit that resulted in the theft of approximately $600,000 in crypto assets. Blind signing involves the display of raw smart contract signing data that can be parsed by computers but is incomprehensible to a human reader. In contrast, Ledger has advocated for a "what you see is what you sign" approach known as clear signing, which parses smart contract signing in a human-readable manner.

The recent exploit involved a malicious version of the Ledger Connect Kit, a library that enables Ledger devices to connect with dapps. The attacker injected a wallet draining payload into the ledgerconnect kit's NPM package, allowing them to drain the funds of users who signed on dapps such as Sushi.com and Hey.xyz. This incident prompted software wallet developer MetaMask to warn users to stop using dapps.

Ledger has confirmed that the attack occurred due to a former employee falling victim to a phishing attack, which allowed the attacker to gain access to the former employee's NPMJS account. With this access, the attacker was able to push a malicious version of the Ledger Connect Kit that rerouted user funds from any wallet connecting to a dapp using it to the hacker's own wallet. However, Ledger has since deployed a fix to address the issue.

In response to the exploit, Ledger has announced that it will no longer allow Blind Signing with Ledger devices by June 2024. The company believes that this move will lead to a new standard that better protects users and encourages the adoption of Clear Signing across DApps. Ledger has also encouraged dapp developers to support clear signing in order to enhance security for their users.

Furthermore, Ledger has taken responsibility for the incident and has committed to compensating all affected victims for their losses. The company's commitment to making the victims whole is commendable and demonstrates its dedication to the security and well-being of its users.

In conclusion, the recent exploit that led to the theft of crypto assets has prompted Ledger to disable blind signing for EVM decentralized applications by June 2024. Ledger's move to sunset blind signing is aimed at enhancing security and promoting the adoption of clear signing across DApps. The company has taken swift action to address the issue and has committed to compensating affected victims. This incident serves as a reminder of the importance of continually strengthening security measures in the cryptocurrency industry.

Email Post

Comments

Post a Comment

Trending Stories