Ledger reports cyber attack compromising a high number of hardware wallets


One reason you might keep an eye out for blockchain news is self-interest. By staying alert to what’s going on in the world of cryptocurrency, you can better protect your own finances. A recent story concerning the digital wallet company Ledger is a perfect example of how knowledge is power when it comes to protecting your Bitcoin or any other blockchain-based cryptocurrency.

Hardware wallets are one of the safest means of storing cryptocurrency because USB cold storage devices help eliminate threats of hacking.

However, in order to send funds or issue a receiving address, a hardware wallet has to be plugged into an internet-enabled device. This particular aspect of hardware wallets has resulted in a vulnerability affecting Ledger devices, which researchers discovered only this past week.

Ledger sold over one million devices last year alone, so a breach due to this particular vulnerability could be a huge blow for those who own cryptocurrency.

Thankfully, the weakness has not yet been exploited; in order to fix the problem, we must understand exactly how a cryptocurrency attack, dubbed the “man in the middle attack,” could play out.

The researchers’ report explains how “Ledger wallets generate the displayed receive address using JavaScript code running on the host machine… malware can simply replace the code responsible for generating the receive address with its own address, causing all future deposits to be sent to the attacker.”

Such an attack would leave the victim initially unaware. The severity of the attack, which for now is only theoretical, is heightened by the fact that Ledger’s wallet software is stored in the AppData folder, so it is relatively easy for malware to modify the receiving address. “All the malware needs to do is replace one line of code…this can be achieved with less than 10 lines of python,” the researchers stated.
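Because the weakness described above comes down to wallet code sitting in a user-writable folder, one host-side check is to record hashes of those files and flag any later change. The sketch below is an added example, not code from Ledger or from the researchers' report; the directory name, file suffixes and sample file contents are assumptions constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: file types a JavaScript-based wallet app is likely to ship.
WATCHED_SUFFIXES = {".js", ".html", ".json"}

def snapshot(app_dir):
    """Return {relative path: SHA-256 hex digest} for each watched file."""
    root = Path(app_dir)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in WATCHED_SUFFIXES:
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def save_baseline(app_dir, baseline_file):
    """Record a known-good state; keep this file outside the app folder."""
    Path(baseline_file).write_text(json.dumps(snapshot(app_dir), indent=2))

def compare(app_dir, baseline_file):
    """Report files modified, removed or added since the baseline."""
    baseline = json.loads(Path(baseline_file).read_text())
    current = snapshot(app_dir)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample: baseline a fake app folder, then change one line."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "wallet-app"  # hypothetical directory name
        (app / "src").mkdir(parents=True)
        (app / "src" / "receive.js").write_text("// original line\n")
        (app / "manifest.json").write_text('{"name": "sample"}\n')
        baseline = Path(tmp) / "baseline.json"
        save_baseline(app, baseline)
        (app / "src" / "receive.js").write_text("// changed line\n")
        (app / "src" / "extra.js").write_text("// new file\n")
        return compare(app, baseline)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A legitimate software update also changes these hashes, so the baseline has to be re-recorded after each update, and a clean result does not replace checking the receive address on the device itself.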

Ledger issued a tweet not only acknowledging the “man in the middle attack” but also noting what solution exists to protect Ledger users’ cryptocurrency.

There is already a means of verifying that the receiving address is correct, which the aforementioned report also corroborated.

This solution isn’t perfect, though, because it relies on the user remembering to follow this procedure for every single transaction. “A proper solution would be to [force] the user to validate the receive address before every receive transaction, just like the wallet [forces] the user to approve every send transaction” suggested the report.

Hopefully Ledger will follow Trezor’s example and implement a method which helps users to feel more secure storing and using cryptocurrency.

The strict validation system is already used by another hardware wallet company known as Trezor. Trezor mandates the use of 2FA simply to access the receiving address. While the “man in the middle attack” is only hypothetical right now, it would only take one real attack to possibly crash Bitcoin stocks and reduce trust in cryptocurrency in general.

Despite the somewhat shocking nature of this particular Bitcoin news story, keep in mind that hardware wallets are still significantly safer than using a centralized exchange. Nevertheless, cryptocurrency security will always depend on constant vigilance.

(To learn more about keeping your cryptocurrency secure, read Use These Tips to Avoid Bitcoin Fraud.)
