It is considered that the crypto hardware wallets are very reliable, and therefore better suited to store their savings and conducting various transactions. One of the most successful devices in the past year were French hardware crypto Ledger, whose sales quickly exceeded a million devices. But recently representatives of the developer reported that Ledger discovered a critical vulnerability allowing to spoof the ultimate steal wallets and owned by the recipient of the cryptocurrency.
To send money or load a recipient’s address in the Ledger, it is necessary to connect to the Internet — at this stage the attackers and get access to the device. Wallets Ledger create a display address using JavaScript, malware has the ability to replace details address of the attacker, and then all the money intended for the recipient, leave the scammers and the sender can be sure that everything is in order.
Yet from the vulnerability in the purse no one was hurt, but the developers posted on its website a video demonstration proving that it is real and dangerous. It is noted that the wallet stored on the PC in the AppData folder, too, can be attacked by fraudsters after the substitution of the recipient’s address.
To avoid the tricks hackers can be quite simple: the developers recommend that before committing a transaction always verify the correct address of the recipient — just click the button with the picture of the monitor. Then the user can confirm the correctness of the transaction by another click.
Despite showing up periodically “holes” in the security of such devices, the use of hardware wallets is still one of the most effective and safe ways of storing cryptocurrency, it is absolutely protected from intruders decisions at the moment does not exist.
Chat about cryptocurrency.
Chat about iron mining.
In hardware crypto Ledger discovered a critical vulnerability
Vyacheslav Larionov