• Press Releases
    • Submit a press release
    • Read All
  • Advertise
  • Contact us
Crypto.com Logo Crypto.com Logo
Bitcoinist.com
No Result
View All Result
  • Bitcoin
    • News
    • Price
    • Businesses
    • Acceptance
    • Technology
    • Investment
    • Regulation
    • Reviews
    • Gambling
      • Bitcoin Casinos
      • Real Money Slots
      • Online Casino Real Money
    • All Bitcoin News
  • Altcoins
    • News
    • Price
    • Ethereum
    • Ripple
    • Litecoin
    • EOS
    • NAGA
    • All Altcoin News
  • Tech
    • Blockchain
    • Security
    • FinTech
  • Industry
    • Industry News
    • Press Releases
  • Price
    • Bitcoin Price
    • Ethereum Price
    • Litecoin Price
    • Binance Coin Price
  • How to
    • Buy gift cards/mobile Top Ups with Cryptos
    • What Is Bitcoin?
    • Best Bitcoin Wallet
    • Bitcoin vs Ethereum
    • Why Use Blockchain Technology?
    • Bitcoin Cash ABC vs. Bitcoin Cash SV
    • How to Buy Cryptocurrency
    • Bitcoin Mining
    • Best Bitcoin Brokers
    • Best Bitcoin Forex Brokers
    • How To Earn Bitcoin
    • What is Facebook Libra?
    • Ripple and XRP: The Complete Guide
    • Bitcoin Casinos – Where, What and How to Play
  • Events
  • Play Games
  • Play Casino Games
  • Play Finance
Breaking News: Breaking: Binance Shocks Employees With Sudden Layoffs - What's Next For The Crypto Giant?
  • Bitcoin
    • News
    • Price
    • Businesses
    • Acceptance
    • Technology
    • Investment
    • Regulation
    • Reviews
    • Gambling
      • Bitcoin Casinos
      • Real Money Slots
      • Online Casino Real Money
    • All Bitcoin News
  • Altcoins
    • News
    • Price
    • Ethereum
    • Ripple
    • Litecoin
    • EOS
    • NAGA
    • All Altcoin News
  • Tech
    • Blockchain
    • Security
    • FinTech
  • Industry
    • Industry News
    • Press Releases
  • Price
    • Bitcoin Price
    • Ethereum Price
    • Litecoin Price
    • Binance Coin Price
  • How to
    • Buy gift cards/mobile Top Ups with Cryptos
    • What Is Bitcoin?
    • Best Bitcoin Wallet
    • Bitcoin vs Ethereum
    • Why Use Blockchain Technology?
    • Bitcoin Cash ABC vs. Bitcoin Cash SV
    • How to Buy Cryptocurrency
    • Bitcoin Mining
    • Best Bitcoin Brokers
    • Best Bitcoin Forex Brokers
    • How To Earn Bitcoin
    • What is Facebook Libra?
    • Ripple and XRP: The Complete Guide
    • Bitcoin Casinos – Where, What and How to Play
  • Events
  • Play Games
  • Play Casino Games
  • Play Finance
Bitcoinist.com
No Result
View All Result
Breaking News: Breaking: Binance Shocks Employees With Sudden Layoffs - What's Next For The Crypto Giant?

Ledger Hardware Wallets Vulnerable to ‘Man in the Middle’ Attacks

Patrick Smith by Patrick Smith
5 years ago
in News, Altcoin News, Bitcoin, Bitcoin Wallet, Ethereum, Hardware, News teaser
0

Ledger hardware wallets, once considered one of the safer methods to store cryptocurrency, have been reported to be vulnerable to “man in the middle” attacks.


The Flaw

A team of unknown security researchers exposed a vulnerability that allegedly involves all Ledger hardware wallets. The discovery of the issue is said to have affected over one million users and has made it evident that the devices are not a foolproof method of storing crypto.

The newfound threat allows cybercriminals to show fraudulent addresses to ledger users/ customers in order to drain the user’s wallet and transfer the contents into their own wallet.

The problem was addressed by Ledger on February 3rd when the company Tweeted a report containing details of the vulnerability. The report offers preventative steps to avoid falling victim to attack but does not offer a real fix or solution.

To mitigate the man in the middle attack vector reported here https://t.co/GFFVUOmlkk (affecting all hardware wallet vendors), always verify your receive address on the device's screen by clicking on the "monitor button" pic.twitter.com/EMjZJu2NDh

— Ledger (@LedgerHQ) February 3, 2018

The security researchers behind the discovery reported that Ledger did not take the findings seriously, saying

We contacted the CEO and CTO of Ledger directly in order to privately disclose and fix the issue. We’ve received a single reply, asking to hand over the attack details. Since then, all our mail have been ignored for three weeks, finally receiving an answer that they won’t issue any fix/ change.

Instead, the company plans on raising public awareness so that users can protect themselves from these types of attacks.

How It’s Done

A Ledger wallet creates a brand new address every time a payment is to be received, however, a man-in-the-middle attack will transfer the cryptocurrency to a fraudulent address instead of the user’s wallet. The report released by Ledger states that the attack is carried out when a Ledger customer uses a computer infected with malware, allowing the cybercriminal to interfere with the addresses that the cryptocurrency is intended for.

Once the computer is compromised, the attacker can discreetly change the code used to generate the unique address and, consequently, deposit the balance in their own wallet.

This is due to the wallet using a JavaScript code running on the computer. A computer infected with the malware only needs to replace the code that generates the receiving address with a code that leads to the attacker’s wallet.

Man in the Middle Attack

Preventing Attack

The report went on to mention suggestions for preventing an attack. It stresses that users verify the wallet address that funds are being sent to before transferring. A user can check this by clicking on the button below the QR Code to display the address of the hardware wallet and verify it. (Shown above in Tweet)

As it continues, the report explains that the module is not applicable on the Ether wallet interface from Ledger due to the fact that the Ethereum app does not have mitigation, leaving the user unable to confirm whether the address is correct or not. As a result, the unnamed authors of the report suggested

If you’re using the Ethereum App – Treat the Ledger hardware wallet the same as any other software-based wallet, and use it only on a Live CD operating system that is guaranteed to be malware-free. At least until this issue receives some kind of fix.

Do you have a Ledger product? What are your thoughts on these new attacks? Let us know in the comments below!


Images courtesy of Pixabay, LinkedIn

ShareTweetShareShare

Sign Up for Our Newsletter!

For updates and exclusive offers enter your email.

I consent to my submitted data being collected and stored.

Patrick Smith

Patrick Smith

Related Posts

Ethereum

Bullish Signal? Ethereum Average Fees Declines 69% Since Early May

19 hours ago
Ethereum Deribit

Ethereum Open Interest On Deribit At A 3-Year High

3 days ago
Bitcoin Whale Shark

Bitcoin Sharks & Whales Have Bought 93,000 BTC Since April Top: Santiment

3 days ago
Bitcoin

BREAKING: Bitcoin Mining Industry Spared From 30% Tax In US Debt Ceiling Deal

3 days ago
Bitcoin

Bitcoin Taker Buy Sell Ratio At Highest Since Feb, What Does It Mean?

4 days ago
Bitcoin

Bitcoin Shrimps Continue Aggressive Accumulation As Holdings Hit ATH

4 days ago
Please login to join discussion

Premium Partners

Premium Casino Partners

Play Finance

Now Trending

  • Whale Power Unleashed: Mooky Emerges as the Rival Meme Coin...

    17 hours ago
  • Exploring the Meteoric Rise of Mooky: Could It Be the Next...

    17 hours ago
  • Discover the Next Big Thing: Mooky.io Presale Boasting Fair...

    20 hours ago

Top Casinos

Trust Dice
Trust Dice
Punt Casino
Punt Casino
mBit
mBit
1xBit
1xBit
K8
K8

Press Releases

  • The Next Pepecoin: Invest Now in the Hottest Upcoming Token...

    35 mins ago
  • BNB Chain Sees Its Highest Volume This Year As Uwerx(WERX)...

    36 mins ago
  • Smart Bitcoin Ignites Tech Innovation, BTCDomain Pioneers...

    36 mins ago
  • Investors Pick Sparklo (SPRK) Over Chiliz (CHZ) Due To Its...

    41 mins ago
  • Injective Price Hits One-Month High, TMS Network Offers...

    1 hour ago

Bitcoin news portal providing breaking news, guides, price analysis about decentralized digital money & blockchain technology.

Bitcoin

  • News
  • Price
  • Businesses
  • Acceptance
  • Technology
  • Investment
  • Regulation
  • Reviews

Altcoins

  • News
  • Price
  • Ethereum
  • Ripple
  • Litecoin
  • EOS
  • NAGA

Categories

  • Blockchain
  • Security
  • FinTech
  • Technology
  • Trending
  • Breaking News
  • Press Releases
  • How to

Pages

  • Contact us
  • Editorial Policy
  • Advertise
© 2023 Bitcoinist.com. All Rights Reserved.
  • Bitcoin
    • News
    • Price
    • Businesses
    • Acceptance
    • Technology
    • Investment
    • Regulation
    • Reviews
    • Gambling
      • Bitcoin Casinos
      • Real Money Slots
      • Online Casino Real Money
    • All Bitcoin News
  • Altcoins
    • News
    • Price
    • Ethereum
    • Ripple
    • Litecoin
    • EOS
    • NAGA
    • All Altcoin News
  • Tech
    • Blockchain
    • Security
    • FinTech
  • Industry
    • Industry News
    • Press Releases
  • Price
    • Bitcoin Price
    • Ethereum Price
    • Litecoin Price
    • Binance Coin Price
  • How to
    • Buy gift cards/mobile Top Ups with Cryptos
    • What Is Bitcoin?
    • Best Bitcoin Wallet
    • Bitcoin vs Ethereum
    • Why Use Blockchain Technology?
    • Bitcoin Cash ABC vs. Bitcoin Cash SV
    • How to Buy Cryptocurrency
    • Bitcoin Mining
    • Best Bitcoin Brokers
    • Best Bitcoin Forex Brokers
    • How To Earn Bitcoin
    • What is Facebook Libra?
    • Ripple and XRP: The Complete Guide
    • Bitcoin Casinos – Where, What and How to Play
  • Events
  • Play Games
  • Play Casino Games
  • Play Finance

© 2023 Bitcoinist. All Rights Reserved.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Center or Cookie Policy.