In less than two weeks, Ledger has suffered a data breach and now has a new vulnerability. The latter is a bug that allows a hacker to spend Bitcoin while the user spends altcoins. The vulnerability was exposed by Liquality developer Mohammed Nokhbeh, who stated that the Ledger,
“…presents misleading transaction confirmation requests indicating the selected app’s addresses and amounts when in fact different transactions are being signed.”
With the price of Bitcoin and other cryptocurrencies surging, the pre-bull run hype is starting to build up. With this hype comes attention, and scammers aren't far off. The new vulnerability puts the crypto wallet maker in a tough spot, especially with its close competitor Trezor right on Ledger's heels.
According to the post by Nokhbeh, this vulnerability affects forks of Bitcoin such as Bitcoin Cash, Litecoin, Testnet Bitcoin, etc.
The issue arises because Ledger supports installing different apps for multiple cryptocurrencies. Unlocking only one app, for example the Litecoin app, unlocks the device's functions for the other assets present as well. Additionally, the interface presents the transaction as a transfer of Litecoin to a Litecoin address, while the confirmation it receives is for a Bitcoin transfer.
“Accepting the confirmation produces a fully valid signed Bitcoin (mainnet) transaction.”
At press time, Bitcoin is in the $11,400 region and is trying to push past the $12,000 level. However, a break past $12,000 would cause retail FOMO, bringing in a lot of attention and hence scammers. At times like these, the tough competition combined with Ledger's consecutive setbacks might just allow Trezor to take Ledger's market share.
At the time of writing, this issue was fixed, according to reports from Decrypt.
Acknowledging the vulnerability, Ledger mentioned that its wallets are Hierarchical Deterministic (HD), meaning that each app derives keys on its own HD path only, which ensures that cryptocurrency apps cannot use each other's keys. However, the same was not the case for Bitcoin derivatives, like Litecoin.
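The path isolation Ledger describes can be sketched as a check that a requested derivation path carries the coin type of the app that is open. This is an added example, not Ledger's code or its actual fix; it assumes BIP44-style paths with SLIP-44 coin types, and the function names, policy table and sample requests are constructed for illustration.

```python
# Added illustration, not Ledger firmware code. APP_COIN_TYPES,
# parse_path and path_allowed_for_app are hypothetical names.
HARDENED = 0x80000000

# SLIP-44 registered coin types, expected (hardened) at path level 2.
APP_COIN_TYPES = {"Bitcoin": {0}, "Bitcoin Testnet": {1},
                  "Litecoin": {2}, "Bitcoin Cash": {145}}
ALLOWED_PURPOSES = {44, 49, 84}  # BIP44 / BIP49 / BIP84 layouts

def parse_path(path):
    """Parse "m/44'/2'/0'/0/5" into a list of 32-bit BIP32 indexes."""
    parts = path.strip().split("/")
    if parts[0] != "m":
        raise ValueError("path must start with 'm'")
    indexes = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h"))
        digits = part[:-1] if hardened else part
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError(f"bad path element: {part!r}")
        value = int(digits)
        if value >= HARDENED:
            raise ValueError("index out of range")
        indexes.append(value | HARDENED if hardened else value)
    return indexes

def path_allowed_for_app(app, path):
    """True only if purpose and coin type are hardened and match the open app."""
    try:
        idx = parse_path(path)
    except ValueError:
        return False
    if len(idx) < 2 or app not in APP_COIN_TYPES:
        return False
    purpose, coin = idx[0], idx[1]
    if not (purpose & HARDENED and coin & HARDENED):
        return False  # unhardened purpose or coin type: reject
    return ((purpose ^ HARDENED) in ALLOWED_PURPOSES
            and (coin ^ HARDENED) in APP_COIN_TYPES[app])

# Constructed sample requests: (app open on the device, requested path)
REQUESTS = [("Litecoin", "m/44'/2'/0'/0/0"),       # the app's own path
            ("Litecoin", "m/44'/0'/0'/0/0"),       # Bitcoin mainnet path
            ("Litecoin", "m/44'/2/0'/0/0"),        # coin type not hardened
            ("Bitcoin Cash", "m/44'/145'/0'/0/3")]

def evaluate(requests=REQUESTS):
    return [path_allowed_for_app(app, path) for app, path in requests]
```

With this policy, the Litecoin app's request for a Bitcoin mainnet path is refused before any signing or confirmation step is reached.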
These vulnerabilities and hacks might just propel Trezor to be the dominant player in the field, especially with the next bull run around the corner.