Yesterday the Monokh team reported shocking news: they discovered a vulnerability in Ledger, one of the most famous hardware wallets and one considered among the most secure.
— Mo (@mo_nokh) August 4, 2020
As can be read, the problem concerns transactions that are not processed correctly: users are led to believe that a transaction on another blockchain is being executed when it is actually a Bitcoin (BTC) transaction.
The problem occurs when using apps other than the official wallet apps. For example, if we confirm a Litecoin transaction, we will be signing a Bitcoin transaction instead.
In detail this is what happens:
- Open the Litecoin app;
- Retrieve mainnet bitcoin (segwit) addresses using getWalletPublicKey(’84’/0’/’).publicKey;
- Query UTXOs and construct a bitcoin transaction to spend outputs;
- Send createPaymentTransactionNew(…) to prompt device for signing this transaction;
- Receive Bitcoin Mainnet valid signed transaction.
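One device-side check that would refuse the key request in the second step, shown as an added example (not Ledger's code and not from the original report). It assumes the path arrives as one depth byte followed by big-endian 32-bit indexes and that each app knows its own SLIP-44 coin type; the function names and the sample paths are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define HARDENED 0x80000000u
#define MAX_DEPTH 10
enum { COIN_BITCOIN = 0, COIN_TESTNET = 1, COIN_LITECOIN = 2 }; /* SLIP-44 */
typedef enum { PATH_OK = 0, PATH_MALFORMED = -1, PATH_WRONG_COIN = -2 } path_status;

/* Decode a serialized path: one depth byte, then depth big-endian uint32
 * indexes (assumed wire layout). Returns depth, or -1 on malformed input. */
static int parse_path(const uint8_t *buf, size_t len, uint32_t out[MAX_DEPTH]) {
    if (len < 1) return -1;
    size_t depth = buf[0];
    if (depth == 0 || depth > MAX_DEPTH || len != 1 + 4 * depth) return -1;
    for (size_t i = 0; i < depth; i++) {
        const uint8_t *p = buf + 1 + 4 * i;
        out[i] = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    }
    return (int)depth;
}

/* Hypothetical policy: the running app only derives keys under
 * purpose'/coin_type' where coin_type is its own SLIP-44 number. */
path_status check_path_for_app(const uint8_t *buf, size_t len, uint32_t app_coin) {
    uint32_t path[MAX_DEPTH];
    int depth = parse_path(buf, len, path);
    if (depth < 2) return PATH_MALFORMED;
    uint32_t purpose = path[0], coin = path[1];
    /* Both levels must be hardened, as BIP44/49/84 require. */
    if (!(purpose & HARDENED) || !(coin & HARDENED)) return PATH_MALFORMED;
    purpose &= ~HARDENED;
    if (purpose != 44 && purpose != 49 && purpose != 84) return PATH_MALFORMED;
    return (coin & ~HARDENED) == app_coin ? PATH_OK : PATH_WRONG_COIN;
}

/* Constructed samples: 84'/0'/0'/0/0 (Bitcoin) and 84'/2'/0'/0/0 (Litecoin). */
static const uint8_t BTC_PATH[] = {5, 0x80,0,0,84, 0x80,0,0,0, 0x80,0,0,0, 0,0,0,0, 0,0,0,0};
static const uint8_t LTC_PATH[] = {5, 0x80,0,0,84, 0x80,0,0,2, 0x80,0,0,0, 0,0,0,0, 0,0,0,0};

int main(void) {
    /* Litecoin app: the Bitcoin path is refused, the Litecoin path accepted. */
    int ok = check_path_for_app(BTC_PATH, sizeof BTC_PATH, COIN_LITECOIN) == PATH_WRONG_COIN &&
             check_path_for_app(LTC_PATH, sizeof LTC_PATH, COIN_LITECOIN) == PATH_OK;
    return ok ? 0 : 1;
}
```

With a check like this in place, the Litecoin app would not return Bitcoin mainnet keys, so the later signing step could not produce a valid Bitcoin signature under the Litecoin confirmation screen.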
Ledger, an already known vulnerability
Although this problem was reported to Ledger over a year ago, on January 18th, 2019, nothing has been done about it. It has therefore been published, so Ledger will now have to intervene to solve the problem.
These are the versions affected by the problem, so please check whether your Ledger is among them:
- Firmware: All versions. Currently 1.6.0;
- App Versions: All versions. Currently 1.4.3;
- Apps: Any apps deriving from the Bitcoin app as per btchip_context.h;
- Apps Tested: Bitcoin Testnet, Litecoin.
The most disconcerting thing about Ledger is the number of errors that are emerging.
Examples include the recent vulnerability discovered on the Ledger Nano X and the data breach confirmed a couple of days ago, in which more than 1 million email addresses were stolen from over 9,500 customers.
Let’s not forget that criminals now have this data and they could exploit it to their advantage and target everyone who has the device containing this vulnerability.