The exponential rise in the value of cryptocurrency has given birth to many millionaires and billionaires. The Crypto rich are now in a constant state of worry on how to protect their wealth. Exchanges have been hacked before (read Mt.Gox) and most of the hot wallets are also viewed as vulnerable. Until now, one of the most secure ways to store cryptocurrency has been hardware wallet, but perhaps not anymore.
The maker of Ledger, one of the most popular hardware cryptocurrency wallet has discovered a vulnerability that can potentially affect all its devices and people can eventually lose out their crypto funds.
The report categorically states that a “man in the middle” attack is performed when the user generates an address to transfer bitcoins to their Ledger waller. Breaking it down, the crypto fund is usually transferred to hardware wallet by generating the wallet address. In this particular case, the attacker can stealthily switch the code responsible for the account generation with their own account addresses. Thus all the deposits will eventually be sent to the attackers address instead of the ledger hardware.
On a brighter side, it is relatively easy to safeguard from such attacks. Ledger comes with a relatively unknown feature, one that lets users verify the address before transferring their funds. All one needs to do is click on the Monitor icon on the bottom of the “Receive Bitcoins” menu and confirm the address by reading the hardware wallet display. This ensures that you transfer the funds to the hardware wallet and not any address generated by the attackers.
Like any other mode of payment or fund transfer, the security concerns with cryptocurrency still looms large. Since it is an unregulated market there is no way for users to file a complaint or claim insurance money. I personally opine that the maker of Ledger should educate their users about the newly discovered vector of attack, in fact, other hardware wallets like Trevor and KeepKey have been warning users of such an attack.