Hardware wallet manufacturer Ledger has revealed a vulnerability that affects all of its devices and can lead to users losing their funds.
A “man in the middle” attack can be executed when the user attempts to generate a "fresh" address to receive bitcoins to their Ledger wallet. If the computer used in this process is infected by malware, the code responsible for generating the address can be replaced, causing all future deposits to be sent to the attacker.
Ledger has disclosed how to avoid the “man in the middle” attack by taking advantage of an “undocumented” feature of the wallet which displays the receiving address on the wallet’s physical display.
By clicking and confirming the address on the hardware wallet’s display every time a new address is created. Ledger users can ensure that the new address has not been tampered with.
With hardware wallets regarded as one of the safest ways to store cryptocurrencies, this newly discovered attack tool proves that not even hardware wallets are invincible.
Be Careful Out There. :)
