On December 27, at Berlin's 35C3 Refreshing Memories conference, a group of researchers announced that they had hacked a trio of hardware-based cryptocurrency wallets: Ledger's Nano and Blue wallets as well as the Trezor One. However, today Ledger stated in a Medium blog post that it does not believe the exposed vulnerabilities are critical in nature. Ledger says that the vulnerabilities are not critical because the researchers were not able to extract a PIN or a seed from a stolen wallet. The company added that all "sensitive assets" on the devices remained secure from attackers.

Addressing the Nano wallet vulnerability specifically, Ledger insisted that, while the vulnerability does allow an attacker to modify the device, the attacker would still have to somehow install malware on the victim's computer and gain access to the victim's PIN in order to sign a transaction. Ledger believes that this is not a practical means of attack. The company further denied the researchers' claim that they were able to send "malicious transactions" to the wallet's security chip.

With regard to the Blue wallet vulnerability, Ledger says that it, too, is not practical and is entirely unrealistic. According to the company, the attacker's receiver would have to be located at the same exact spot as the attacked device. The USB cable would also have to be located in a very particular position for the attack to work properly. The company insists that the attack could only work if the wallet was completely immobile, which is unlikely. Still, Ledger says that it will be issuing a firmware update for the Blue wallet that will address the vulnerability by utilizing what it calls a "randomized keyboard for the PIN."

Ledger went on to say that it was disappointed that the researchers did not follow the company's procedures for reporting vulnerabilities. These procedures, which are outlined in Ledger's official bounty program, require that vulnerabilities not be publicly disclosed until the company has had sufficient time to patch them and "to mitigate risk for users."

Last month, Ledger announced that it was expanding operations to New York, so that it could develop its institutional custodial business.