The new Ledger wallet vulnerability could bring more trouble soon if it is not fully patched, according to the new reports covered in our latest blockchain news.
Ledger failed to fully fix a major vulnerability that allows a “BTC fork” attack, a recent report concluded. Mo Nokhbeh claimed that Ledger’s wallet failed to isolate the apps responsible for authorizing transactions of different assets. This creates a vulnerability in which a user’s wallet can be fooled into authorizing a transaction for a less valuable asset such as Bitcoin Cash, Litecoin or any other BTC fork when, in reality, a Bitcoin transaction is being released:
“This app should be isolated such that it only signs for testnet derivation paths. However, sending it a regular mainnet bitcoin transaction will pass. In addition, it will present the TX as if it’s testnet bitcoin, to a testnet bitcoin address.”
According to Nokhbeh, he made Ledger fully aware of this bug and, despite acknowledging it, the company failed to fix the new Ledger wallet vulnerability. Instead, it chose to release an update of the existing app that gives users a warning if an exploit is to happen.
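The isolation Nokhbeh describes amounts to each app refusing any derivation path whose coin type is not its own. The sketch below is an added example, not Ledger's code: the function names and app labels are hypothetical, the coin types are the registered SLIP-0044 values, and it assumes a mismatched path is rejected outright rather than only warned about.

```python
HARDENED = 0x80000000  # BIP32 hardened-derivation flag
# SLIP-0044 coin types; the app names used as keys are hypothetical labels.
SLIP44 = {"bitcoin": 0, "testnet": 1, "litecoin": 2, "bitcoin_cash": 145}
PURPOSES = {44, 49, 84}  # BIP44 / BIP49 / BIP84 account layouts


class PathRejected(Exception):
    """The requested path is outside what this app may sign for."""


def parse_path(path):
    """Parse "m/44'/0'/0'/0/5" into a list of 32-bit BIP32 indexes."""
    parts = path.split("/")
    if parts[0] != "m" or len(parts) < 2:
        raise PathRejected("path must start with m/")
    indexes = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h"))
        digits = part[:-1] if hardened else part
        if not (digits.isascii() and digits.isdigit()) or int(digits) >= HARDENED:
            raise PathRejected(f"bad path element {part!r}")
        indexes.append(int(digits) | (HARDENED if hardened else 0))
    return indexes


def check_path_for_app(app, path):
    """Return the parsed path only if its coin type belongs to `app`."""
    indexes = parse_path(path)
    if len(indexes) < 3:
        raise PathRejected("path too short to carry purpose/coin/account")
    purpose, coin = indexes[0], indexes[1]
    if not (purpose & HARDENED and coin & HARDENED):
        raise PathRejected("purpose and coin type must be hardened")
    if (purpose ^ HARDENED) not in PURPOSES:
        raise PathRejected("unsupported purpose")
    if (coin ^ HARDENED) != SLIP44[app]:
        raise PathRejected(f"coin type {coin ^ HARDENED} is not {app}'s")
    return indexes


if __name__ == "__main__":
    # Constructed requests: a testnet app asked to sign two different paths.
    for p in ("m/44'/1'/0'/0/0", "m/44'/0'/0'/0/0"):
        try:
            check_path_for_app("testnet", p)
            print(p, "-> accepted")
        except PathRejected as e:
            print(p, "-> rejected:", e)
```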
The French company said it has been hit hard by a breach that allowed “third-party” access to at least 1 million of the users’ contact details. The company took to Twitter to state that its marketing and e-commerce database was compromised, exposing the users’ contact details and order information, but Ledger claimed that there was no spill of crypto holdings or client transaction info. Ledger explained to its clients in an email today what exactly happened and also wrote a separate blog post adding that it was made aware of the breach on July 14 by a “researcher participating in a bounty program.”
Ledger suffered a huge data breach in which data from millions of users was leaked, but reportedly the funds of the users are safe. However, the risk of an extensive phishing attack is extremely high. A bug bounty program helped the hardware wallet company discover that its marketing database had a vulnerability that put all of the personal information and purchase details of customers at high risk. Ledger patched the issue immediately, but it was already too late.