Ledger Wallet Glitch Tricks Users Into Sending Money To Hackers


After a report indicated that a bug in Ledger Wallet’s software could allow users to be duped into sending cryptocurrency to hackers, the hardware wallet company took to Twitter to remind customers to be careful when transferring digital coins. Ledger told users to “always verify [their] receiv[ing] address” on their screen at the bottom of each transaction, TheNextWeb reported.

The announcement came after a DocDroid report was published, which said Ledger’s software was vulnerable to hacks. “Ledger wallets generate the displayed receive address using JavaScript code running on the host machine,” the report said. “This means that a malware can simply replace the code responsible for generating the receive address with its own address, causing all future deposits to be sent to the attacker.”

And, since Ledger requires that new addresses are constantly made, users don’t have a way to “verify the integrity of the receive address.” As a result, users might be tricked into thinking the receiving address shown on their screen is legitimate when it might not be. DocDroid reportedly told Ledger about the flaw one month ago, but the team decided to let users know about the vulnerability in lieu of making changes to its code.

Responding to criticisms over the flaw, the company said, “a malware can always change what you see on your computer screen. The only solution is prevention and building an UX to make the user check on its device. [One] device verification feature has been added [six] month ago already.”

Founded in 2015, Paris-based Ledger Wallet creates a number of various hardware solutions for cryptocurrencies and blockchains, including security solutions for enterprises and digital wallet hardware for consumers. The hardware solutions work to remove the potential point of failure implicit in digital cryptocurrency storage. Hackers can still gain access to someone’s computer and digital bitcoin wallets.

The company’s Ledger Nano S, for instance, is a multi-currency hardware wallet that is about the size of a thumb drive. Currency is stored on the device and only connects to the internet when a transaction is made — users enter a PIN on a small display screen on the device to verify every transaction.


Latest Insights: 

The Which Apps Do They Want Study analyzes survey data collected from 1,045 American consumers to learn how they use merchant apps to enhance in-store shopping experiences, and their interest in downloading more in the future. Our research covered consumers’ usage of in-app features like loyalty and rewards offerings and in-store navigation, helping to assess how merchants can design apps to distinguish themselves from competitors.


To Top