According to a tweet from the company published on February 3, a vulnerability has been discovered in Ledger's hardware cryptocurrency wallets that compromises users' funds. A “man in the middle” attack (data interception) can be applied to wallets, which attempts to generate an address for receiving cryptocurrency, and more specifically Bitcoin, to another wallet.
The attack itself can be carried out when a user attempts to create a new address to receive bitcoin on a Ledger wallet.
If the computer on which the action is performed is infected with malware, then the attacker can easily replace the recipient's address. As a result, all transferred funds will go to the hacker’s wallet.
To the great joy of wallet owners, the manufacturing company indicated how this problem can be solved. To do this, you need to use the “undocumented” wallet function. It reflects the receiving address on the physical display of the device itself.
You need to press the monitor button, which is located in the transfer receiving menu. Next, the address will appear on the screen, comparing it with the required one, the user has the opportunity to personally verify its correctness. The address must be confirmed each time a new key needs to be generated.
The company also warns that this feature is optional. Therefore, all responsibility for the consequences lies solely with the users.
Let us remind you that, unlike storing funds on an online exchange or a hot wallet, the use of hardware wallets is considered one of the safest ways to store digital currency.
But, still, this is not a reason to relax too much, since this function only works with Bitcoin. This means that if you intend to transfer, for example, Ethereum, you will not be able to track the address. In such a case, Docdroid offers to boot the operating system via Live CD. Such procedures will need to be followed until the company sorts out the problem and offers other options.
Recall that we discussed similar viruses and ways to avoid address spoofing in this article.
Subscribe to our news in Telegram
You May Also Like
An attack known as a zero-day vulnerability hit routers in Brazil.
Fraudsters carried out a sophisticated stealth mining attack, infecting hundreds of thousands of MikroTik routers across Brazil. The goal of the attack is to create a massive XMR mining bot platform.
Fake Facebook Accounts Are Trying to Steal Your Bitcoin
This month, some Facebook users noticed something strange - in the comments to their posts, Bitmain was advertising some kind of “partnership” that invited the user to make a cryptocurrency transaction. The post looked suspicious, some decided that the company’s page had been hacked.
