Ledger Wallet Glitch Tricks Users Into Sending Money To Hackers


After a report indicated that a bug in Ledger Wallet’s software could allow users to be duped into sending cryptocurrency to hackers, the hardware wallet company took to Twitter to remind customers to be careful when transferring digital coins. Ledger told users to “always verify [their] receiv[ing] address” on their screen at the bottom of each transaction, TheNextWeb reported.

The announcement came after a DocDroid report was published, which said Ledger’s software was vulnerable to hacks. “Ledger wallets generate the displayed receive address using JavaScript code running on the host machine,” the report said. “This means that a malware can simply replace the code responsible for generating the receive address with its own address, causing all future deposits to be sent to the attacker.”

And, since Ledger requires that new addresses be generated constantly, users don’t have a way to “verify the integrity of the receive address.” As a result, users might be tricked into thinking the receiving address shown on their screen is legitimate when it might not be. DocDroid reportedly told Ledger about the flaw one month ago, but the team decided to let users know about the vulnerability instead of making changes to its code.

Responding to criticisms over the flaw, the company said, “a malware can always change what you see on your computer screen. The only solution is prevention and building an UX to make the user check on its device. [One] device verification feature has been added [six] month ago already.”

Founded in 2015, Paris-based Ledger Wallet makes a range of hardware solutions for cryptocurrencies and blockchains, including security solutions for enterprises and digital wallet hardware for consumers. The hardware solutions work to remove the potential point of failure implicit in digital cryptocurrency storage. Hackers can still gain access to someone’s computer and digital bitcoin wallets.

The company’s Ledger Nano S, for instance, is a multi-currency hardware wallet that is about the size of a thumb drive. Currency is stored on the device, which only connects to the internet when a transaction is made. Users enter a PIN on a small display screen on the device to verify every transaction.


