Ledger Unveils Plan to Reimburse Wallet Drainer Hack Victims

Ledger pledges to make victims of the December 14 wallet-draining hack whole.

Pascal Gauthier posing for the camera framed in a Ledger logo.
Created by Gabor Kovacs from DailyCoin
  • Ledger has unveiled plans to reimburse victims of last week’s hack.
  • The firm has also revealed a plan to bolster security to protect users better.
  • The move comes amid efforts to track down the exploiter.

Last week, the entire DeFi ecosystem came under siege as a hacker took control of Ledger‘s Connect Kit to carry out a large-scale wallet-draining exploit across multiple DApps. While the attacker’s reign of terror proved fleeting, thanks to a prompt response from Ledger, they still managed to make off with $600k worth of crypto assets from unsuspecting users. Amid efforts to recoup these assets, the firm has revealed plans to make victims whole.

Ledger: ‘Affected Users Will Be Made Whole’

In an X post on Wednesday, December 20, Ledger affirmed that it would reimburse victims of the December 14 wallet-draining exploit. Per the notice, the compensation would also include non-Ledger customers.


“We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps. Ledger will make sure victims affected will be made whole,” the firm wrote.

Ledger noted that it intends to finish reimbursements by February 2024, claiming to already be in contact with some affected users.

Aside from plans to make users whole, the crypto wallet manufacturer also disclosed plans to bolster security by working with DApps to implement clear and deprecate blind signing in June 2024.


Clear signing aims to help Ledger users avoid signing malicious transactions by providing an understandable summary of the transaction on their device, as explained by Ledger in a June 2022 blog post. Conversely, with blind signing, users only see raw data humans cannot read.

The Ledger Connector Exploit and Recovery Efforts

On Thursday, December 14, an exploiter took control of Ledger’s Connect Kit library after gaining access to the firm’s internal systems by hacking a former employee. By injecting malicious software into the library, the hacker compromised the front end of several dApps, including SushiSwap and Revoke.Cash, which supported the library to allow Ledger hardware wallet users to perform transactions. Unsuspecting users were tricked into connecting their wallets to a drainer.

Ledger quickly responded with a fix within hours of the attack and has since commenced efforts to track down the attacker, with their address now visible on Chainalysis. As reported by DailyCoin on Friday, December 15, Tether has also frozen the exploiter’s USDT.

On the Flipside

  • Ledger’s announcement suggests that full recovery for some victims of the wallet-draining exploit may still be months away.
  • The Ledger exploiter remains at large.
  • Ledger has warned users of ongoing phishing scams likely trying to bait desperate victims seeking recovery.

Why This Matters

The Ledger announcement provides succor to users who lost funds in last week’s hack, providing hope of recovery.

Read this for more on the Ledger hack:
Sushi CTO Warns Ledger Connector Exploited: How to Stay Safe

Ethereum (ETH) supply on exchanges has hit an all-time low. Find out more:
ETH Bull Thesis Grows as Exchange Balance Hits Record Low

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Okoya David

David Okoya is a crypto news reporter at DailyCoin based in Nigeria. He covers various topics related to the cryptocurrency industry, including exchanges, regulations, and price movements, and strives to bring fresh angles to breaking news. With experience as a freelance crypto news writer, David upholds the highest journalistic standards, telling complete stories and answering lingering questions whenever possible.