A vulnerability that affects every Ledger hardware wallet on the market would permit for malicious parties to voorstelling Ledger customers fraudulent receive addresses. If users request funds to thesis addresses, cryptocurrency intended for them would end up te an attacker’s wallet instead.
UPDATED | February 6, 2018:
The company is encouraging its users “to find bugs, or security vulnerabilities,” and says, “While our bounty program has not bot officially launched yet, there is already a dedicated mail address set up.”
ORIGINAL | February Five, 2018:
Ledger, a company that offers cryptocurrency wallets, acknowledged on February Three that all of its hardware wallets are affected by a vulnerability which could permit a malicious party to provide clients with false receive addresses, so that cryptocurrency that is intended to be received by the customer would end up ter an attacker’s wallet instead.
A twitter account run by the company issued a tweet that included a hyperlink to a report detailing the vulnerability. The researchers behind the document did not identify themselves, referring to themselves only spil “wij.”
Spil Ledger says on an instructional pagina of its webstek, a “Ledger wallet generates a fresh address each time you want to receive a payment.” (The pagina wasgoed updated on February Five, and when ETHNews accessed it, the quoted text and other information pertinent to the vulnerability wasgoed highlighted ter crimson.)
By press time, Ledger had not responded to an ETHNews inquiry on whether this vulnerability menaces to affect the sending and receiving of Ether tokens.
The document also relates that the researchers behind it reached out to Ledger with their findings, and on January 27, the company’s CTO told them that “no fix/switch would be done (our recommendation to enforce the user to validate the receive address has bot rejected), but they will work on raising public awareness so that users can protect themselves from such attacks.”
A pagina on Ledger’s webstek under the header “Basic security principles (vereiste read),” which wasgoed also updated on February Five, cautions users that “Using a hardware wallet doesn’t make you invincible… Don’t trust, verify.”
Like what you read? Go after us on Twitter @ETHNews_ to receive the latest Ledger, wallet or other Ethereum wallets and exchanges news.