Hardware wallet Ledger discovered a vulnerability that can be used to crack all company issued devices, which will inevitably entail the loss of funds by users.
About the new risk of claiming the company warned on Twitter on February 3.
To mitigate the man in the middle attack vector reported here https://t.co/GFFVUOmlkk (affecting all hardware wallet vendors), always verify your receive address on the device’s screen by clicking on the “monitor button” pic.twitter.com/EMjZJu2NDh— Ledger (@LedgerHQ) February 3, 2018
Ledger referred to the portal Docdroid. The message explains that the attack type “man in the middle” (means to intercept data) can be committed when the user attempts to create a new address for receiving bitcoins in the wallet Ledger. If the computer is used in the process, infected by malware, a hacker can secretly replace the code address is generated that will allow him to have all translations on your own wallet.
How can users protect their wallets?
Fortunately, users of Ledger wallets can protect yourself from this attack. The company gave several recommendations.
In its report, the Ledger advises clients to use “methadonemaintenance” function of the purse, through which the recipient’s address can be displayed on the display device.
Clicking on the monitor button in the menu, receiving the translation and checking appearing on the device display address which is generated each time anew, the users can verify its correctness.
The report stated that this test is not mandatory according to the documentation Ledger. Therefore, the company assigns primary responsibility for the security of the funds of the users.
In addition, this feature applies only to receive bitcoins. Taking on your wallet Ethereum, the user will not be able to deduce the address on the display device. In order to avoid hacking when you work with Ethereum, it is proposed to load the operating system using the Live CD.
Hardware wallets are considered as one of the safest ways to store cryptocurrency, unlike online wallets or exchanges.
However, as it turned out, the hardware of the purse doesn’t save users from hackers. The fact that more than 1 million customers Ledger appeared under the threat of attack was proof of that.