New vulnerability of Ledger hardware wallets threatens safety …

New vulnerability of Ledger hardware wallets threatens the safety of users’ cryptocurrency assets

Vulnerability found in Ledger hardware wallets, which can used to hack all issued company devices.

According to the Docdroid portal [PDF], a man-in-the-middle attack can be carried out when the user tries to to create new address for receiving bitcoins in the Ledger wallet. If computer used in the process, infected malicious software, a hacker can secretly change the address generation code, which will allow him to receive everything transfers to your own wallet.

Fortunately, Ledger wallet users can protect themselves from this attack.. For of this they need to take advantage of an “undocumented” function with which the recipient’s address can be displayed on the device.

By pressing the button in the form of a monitor in the transfer receipt menu and checking the address that appears on the device display, users may make sure of him correctness.

New vulnerability of Ledger hardware wallets threatens safety ...

Report Writers celebrate, that this check is not is an mandatory according to documentation Ledger.

Besides Togo, this function extends only for receipt bitcoins. Taking on your Ethereum wallet, user does not have opportunities display the address on the device display. To to avoid hacking when working with Ethereum, Docdroid offers to download the operating system at help the Live CD until the company offers another decision.

Recall that earlier Ledger hardware wallet users have become victims malicious eBay sellers.