According to a tweet from the company published on February 3, a vulnerability has been discovered in Ledger's hardware cryptocurrency wallets that compromises users' funds. A “man in the middle” attack (data interception) can be applied to wallets, which attempts to generate an address for receiving cryptocurrency, and more specifically Bitcoin, to another wallet.
The attack itself can be carried out when a user attempts to create a new address to receive bitcoin on a Ledger wallet.
If the computer on which the action is performed is infected with malware, then the attacker can easily replace the recipient's address. As a result, all transferred funds will go to the hacker’s wallet.
To the great joy of wallet owners, the manufacturing company indicated how this problem can be solved. To do this, you need to use the “undocumented” wallet function. It reflects the receiving address on the physical display of the device itself.
You need to press the monitor button, which is located in the transfer receiving menu. Next, the address will appear on the screen, comparing it with the required one, the user has the opportunity to personally verify its correctness. The address must be confirmed each time a new key needs to be generated.
The company also warns that this feature is optional. Therefore, all responsibility for the consequences lies solely with the users.
Let us remind you that, unlike storing funds on an online exchange or a hot wallet, the use of hardware wallets is considered one of the safest ways to store digital currency.
But, still, this is not a reason to relax too much, since this function only works with Bitcoin. This means that if you intend to transfer, for example, Ethereum, you will not be able to track the address. In such a case, Docdroid offers to boot the operating system via Live CD. Such procedures will need to be followed until the company sorts out the problem and offers other options.
Recall that we discussed similar viruses and ways to avoid address spoofing in this article.
Subscribe to our news in Telegram
You May Also Like
First Bitcoin robbers arrested in Taiwan
According to Aljazeera, four criminals were detained in the city of Taichung. The attackers lured the owner of 18 BTS to a meeting, at which they forced him to transfer cryptocurrency to a specified address, and then beat him.
Botnets have moved from DDoS attacks to hidden mining
As we approach the end of 2018, many cybersecurity firms are releasing annual reports detailing the year's common threats and telling internet users what to expect in the future.
