When it comes to storing cryptocurrencies, hardware wallets are considered one of the safest. Hardware wallets are considered to be safer because they allow you to be in control of your private keys and are physical devices which can remain disconnected from the internet when not in use. Ledger wallets are among some of the best hardware cryptocurrency wallets. Reportedly, there’s a vulnerability in all Ledger wallets which can put users’ funds at risk!
The report claims that a Man In The Middle (MITM) attack can be performed on Ledger wallets when users make an attempt to generate an address to receive Bitcoins. However, this attack only works if a particular malware is installed on the computer where the wallet is being used in. In this method, the attackers can replace Ledger’s code for generating the wallet address with one of their own - which will result in all deposits to the wallet going to the attacker’s address.
While the biggest condition of this attack is the fact that your PC needs to be infected with the malware - the fact is, that ledger has over a million users. The sheer number of users that Ledger has makes this attack a potential major threat and with hundreds of millions of dollars at risk of being stolen.
Ledger has tweeted about this attack stating that they are aware about this and that this is something which affects all hardware wallets and not just Ledger devices. While there’s no 100% fix for this, Ledger has provided a way which will ensure that the users know that the receiving address can be verified on the device by clicking on the monitor button below the QR Code.
Users can now verify that the address they are depositing cryptocurrencies to is the right address which actually belongs to the Ledger wallet. Considering how frequently exchange based wallets and web based wallets are getting hacked these days, hardware wallets are comparatively safer. However, this incident changes the perception of hardware wallets. While this vulnerability potentially affects all of their users, Ledger’s response to this has been rather stoic as they’ve simply stated that hardware wallets do not make you invincible.