According to a tweet from the company published on February 3, a vulnerability has been discovered in Ledger's hardware cryptocurrency wallets that compromises users' funds. A “man in the middle” attack (data interception) can be applied to wallets, which attempts to generate an address for receiving cryptocurrency, and more specifically Bitcoin, to another wallet.
The attack itself can be carried out when a user attempts to create a new address to receive bitcoin on a Ledger wallet.
If the computer on which the action is performed is infected with malware, then the attacker can easily replace the recipient's address. As a result, all transferred funds will go to the hacker’s wallet.
To the great joy of wallet owners, the manufacturing company indicated how this problem can be solved. To do this, you need to use the “undocumented” wallet function. It reflects the receiving address on the physical display of the device itself.
You need to press the monitor button, which is located in the transfer receiving menu. Next, the address will appear on the screen, comparing it with the required one, the user has the opportunity to personally verify its correctness. The address must be confirmed each time a new key needs to be generated.
The company also warns that this feature is optional. Therefore, all responsibility for the consequences lies solely with the users.
Let us remind you that, unlike storing funds on an online exchange or a hot wallet, the use of hardware wallets is considered one of the safest ways to store digital currency.
But, still, this is not a reason to relax too much, since this function only works with Bitcoin. This means that if you intend to transfer, for example, Ethereum, you will not be able to track the address. In such a case, Docdroid offers to boot the operating system via Live CD. Such procedures will need to be followed until the company sorts out the problem and offers other options.
Recall that we discussed similar viruses and ways to avoid address spoofing in this article.
Subscribe to our news in Telegram
You May Also Like
Canadian exchange closed because hackers stole all funds
Canadian crypto exchange MapleChange announced on Twitter that it had been hacked and went offline. There is nothing to reimburse user funds, so the site has completely ceased operations.
Hackers gained access to 50 million Facebook user accounts
Facebook announced the discovery of another vulnerability, thanks to which hackers gained control of 50 million accounts. The company is still in the early stages of investigating this incident, and its employees announced that they have notified law enforcement authorities about the incident.
