15-Year-Old Security Researcher Discovers Ledger Wallet Vulnerability

Sead Fadilpašić

Ledger, a manufacturer of hardware wallets for cryptocurrencies, released an update to its firmware, 1.4.1, accompanied by a blog post that said they would be looking into security fixes. This comes after independent security researcher Saleem Rashid demonstrated a new attack that hackers can employ to break your Ledger Nano S wallet and steal your precious coins – both physically and remotely.

Source: ledger.fr

In a blog post Rashid explained, “The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element. An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.” He added, “I have demonstrated this attack on a real Ledger Nano S. Furthermore, I sent the source code to Ledger a few months ago, so they could reproduce it.”

Ledger followed up by saying, “Following a transparent and responsible disclosure process, we are giving a full detailed assessment of the fixed attack vectors that the Firmware 1.4 patches, which were initially reported by three security researchers. As the publication of these technical details might elevate the threat level of non-patched devices, we strongly encourage our users to update their firmware.”

Ledger says the security researchers were asked to sign a Bounty Program Reward Agreement as one of the conditions of being remunerated for their efforts. Rashid actually forwent his bounty reward so that he could publish his blog post to explain in great detail what the security problem was, saying, “I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.”

Still, there may not be too much cause for alarm. Attacks such as the one demonstrated by Saleem Rashid show the difficulty of creating a device that is immune from all known forms of attack.