Device manufacturer warned customers about potential threat of hacking
Crypto-currency wallets are constantly being attacked by cyber-criminals, but this does not happen with hardware purses. The company Ledger, which sold in 2017, more than 1 million devices, said their vulnerability.
Fortunately, there have been no reports of attacks from hackers, but the company considers the threat worthy of mention and does its utmost to protect those who trust them even from hypothetical hacking. 3 numbers Ledger advised the owners of their wallets to use several tips in order to exclude even the slightest chance to join the number of victims of hacking with the substitution of the address.
Hardware wallets are rightly considered the safest solution for storing popular cryptocurrency. The USB storage device eliminates most of the ways to attack from intruders, especially those associated with connecting to the Internet. However, to transfer the means or the address of the recipient, the device must be connected to the PC. Here, Ledger experts noticed a vulnerability that jeopardizes Ledger wallets. The report published a few days ago, describes a possible MiTM attack scenario.
In the case of such an attack, the victim may not even notice it. The situation becomes critical because the software can easily replace the recipient’s address by using the hardware wallet files located in the AppData folder. According to the report, malicious software will only replace one line of code, and for those who will use Python, it is necessary to replace less than 10 lines.
In its tweet, the company said that it is necessary to check the correctness of the address of the recipient of funds by clicking on the button with the image of the monitor on the computer screen or any other device from which the transaction is made.
To mitigate the man in the middle attack vector reported here https://t.co/GFFVUOmlkk (affecting all hardware wallet vendors), always verify your receive address on the device's screen by clicking on the "monitor button" pic.twitter.com/EMjZJu2NDh
— Ledger (@LedgerHQ) February 3, 2018
Most likely, the company’s specialists will decide in favor of mandatory verification of the recipient’s address with each transaction, as some manufacturers of hardware wallets do – for example, Trezor, offering customers two-factor authentication.