Often considered to be the safest wallet around, the hardware Ledger wallet is now reported to be vulnerable to the Man in the Middle attacks, here is why:
A group of known researchers has released a vulnerability in the blockchain space that has affected the Ledger hardware wallets. The issues have now affected more than a million users which have made Ledger Wallet not so safe to store your crypto.
But before this, what flaw has been discovered in the hardware wallet? The cybercriminals are now able to show the fraudulent addresses to the users of the wallet, after which they drain out the contents from the wallet and transfer it to their wallet.
The company did address the issue on Twitter on February 3rd by issuing a report that provides the preventive steps for the attack, however, it does not fix the problem.
But the researchers say that the Ledger did not take things seriously and said, “We contacted the CEO and CTO of Ledger directly in order to privately disclose and fix the issue.
We’ve received a single reply, asking to hand over the attack details. Since then, all our mail have been ignored for three weeks, finally receiving an answer that they won’t issue any fix/ change.”
The company instead plans to raise awareness so that the users are able to protect themselves. But how?
What is Man in the Middle Attack
So most using a ledger wallet know that it creates a new address in order to receive an address, however, a man in the middle will transfer the cryptocurrency to another address and the coins will never be able to reach the actual user’s wallet.
This happens when a user is using a malware infected device, which lets the cybercriminals to interfere and they change the code to generate unique address and side by side they keep depositing the balance in their own wallet.
A malware infected computer lets the cybercriminals to replace the address, basically, changing the receiving address with an address to the attacker’s wallet.
How to prevent this?
It is important to verify first, the wallet you are transferring the funds to, which can be done by clicking on the QR code which then displays the address of the hardware wallet.
However, this is not applicable on the Ether wallets as the app does not have the mitigation to let the user confirm the address.
An unnamed user suggested for this case, “If you’re using the Ethereum App – Treat the Ledger hardware wallet the same as any other software-based wallet, and use it only on a Live CD operating system that is guaranteed to be malware-free. At least until this issue receives some kind of fix