News Your Crypto Hardware Wallet Might Not Be as Secure...

Your Crypto Hardware Wallet Might Not Be as Secure as You Think

-

- Advertisment -

So, you just bought some crypto. Congrats! (Or: Congrats ?) But now you need a place to store it. But the safest place you’ve been told to store it…may not really be all that safe. Hi. Welcome to the wonderful world of crypto!

You could leave your new crypto on the exchange where you purchased it, but those are worthwhile targets for hackers. You could move it to a software wallet, or maybe a third-party website or an app on your phone. But, again, those are online, so they’re susceptible to hacking. A paper wallet — literally a QR code printed on a piece of paper — is also an option, but they’re such a pain to set up.

A hardware wallet it is, then. These are easy-to-use standalone devices specifically designed to hold crypto. They let you to access your funds without connecting to the internet. Super secure, right? Except: Maybe not.

On March 20, Saleem Rashid, a 15-year-old self-taught programmer, published a blog post detailing multiple ways a hacker could crack the Ledger Nano S, a popular crypto hardware wallet. Apparently, the device isn’t as “tamper-proof” as its makers claimed. In his post, Rashid explained how a hacker could use a vulnerability in the Ledger Nano S to steal any private keys stored on the device. They could do this by tampering with the device either before you bought it (a “supply chain attack”) or after you’d already loaded it up with your private information (an “evil maid attack”).

Your Crypto Hardware Wallet Might Not Be as Secure as You Think
Image Credit: Ledger

Ledger released a patch to address the hardware wallet vulnerability on March 6, and Eric Larchevêque, Ledger’s CEO, told TechCrunch the company hadn’t received any reports of hackers actually accessing the crypto of Nano S users.

So, why wasn’t that the end of it?

Because, apparently, Rashid wasn’t satisfied with the response from Ledger. Which is why he publishing his post two weeks after the release of the patch. He also threw shade directly at Larchevêque, writing:

“I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.”

The same day he released his post, Rashid noted on Twitter that he told Ledger about the vulnerability four months ago and the company had exhibited “pretty poor communication” in the interim.

Ledger and Larchevêque appear far less phased than Rashid by the whole situation. “All systems have vulnerabilities,” Larchevêque told TechCrunch. “That’s part of the life of any security system. It’s a game of cat and mouse.”

That may be true, but it’s also a good reason to think twice before slapping the “tamper-proof” label on any future devices.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came under new ownership in December 2019. Since taking over the exchange,...

Fungibility: Bitcoin Mixers Favorite Term That No One Understands

Fungibility, perhaps the most important concept when dealing with a decentralized and anonymous currency, but does bitcoin...

Crypto can’t thrive in the real world – but stablecoins can

We can safely say that the hype about cryptocurrencies is pretty much over. The claims of Bitcoin...

How to double your crypto

Most of us have a small gambler deep inside our souls. We love to feel the thrill...
- Advertisement -Your Crypto Hardware Wallet Might Not Be as Secure as You Think

Cryptocurrency Top Security Risk Concerns: What You Can Do to Protect Your Crypto

A report by CipherTrace revealed that in the first half of 2019, criminals and fraudsters stole more...

How has Bitcoin of America Changed the Cryptocurrency Industry?

Who is Bitcoin of America? Bitcoin of America is a U.S. based digital currency...

Must read

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came...

Fungibility: Bitcoin Mixers Favorite Term That No One Understands

Fungibility, perhaps the most important concept when...
- Advertisement -Your Crypto Hardware Wallet Might Not Be as Secure as You ThinkYour Crypto Hardware Wallet Might Not Be as Secure as You Think

You might also likeRELATED
Recommended to you