Vulnerability discovered on the Ledger Nano X
Vulnerability discovered on the Ledger Nano X

Vulnerability discovered on the Ledger Nano X

By Alfredo de Candia - 9 Jul 2020

Chevron down

Yesterday the Kraken security team brought to light a vulnerability that afflicts Ledger Nano products of the X series only

Ledger itself publicly thanked the exchange and promptly intervened to fix the bug.

We reiterate that only the X series was affected by this vulnerability and not the S.

The security of hardware wallets

Most people involved with the blockchain and crypto world often hear that they need to use secure wallets to store their assets, preferably a hardware wallet and the brand that is often recommended is Ledger. 

A hardware wallet allows only the owner to sign transactions without the private keys being exposed to third parties, which means that no one can steal them. 

The surprise came when the Kraken team discovered that some models of the Ledger Nano X had been altered before they even reached the end-user.

How does the vulnerability occur

Thanks to the debugging mode, it was possible to flash the original firmware of the product by inserting a malicious one, obviously aimed at stealing the crypto of the unsuspecting user. 

The vulnerability was made possible because retailers would have modified the firmware of these products before selling them. 

Thus we are talking about unofficial channels where usually the price of these devices is lower and the user, thinking to save money, rushes to buy the device. 

This vulnerability was actually discovered several months ago by Kraken and Ledger was immediately informed to fix the leak and prevent access to private keys.

The advice, in any case, is to never buy used Ledger devices through unofficial channels in order to avoid this kind of problems. It is best to visit the official website of the product.

Alfredo de Candia

Android developer for over 8 years with a dozen of developed apps, Alfredo at age 21 has climbed Mount Fuji following the saying: "He who climbs Mount Fuji once in his life is a wise man, who climbs him twice is a Crazy". Among his app we find a Japanese database, a spam and virus database, the most complete database on Anime and Manga series birthdays and a shitcoin database. Sunday Miner, Alfredo has a passion for crypto and is a fan of EOS.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.