Newly Discovered Ledger Wallet Vulnerability Could Be Disastrous if Not Fully Patched

Ledger has failed to fully fix a major vulnerability that allows for a "Bitcoin Fork" attack.

Listen to article A recent report contends that Ledger App has failed to fix a major vulnerability that allows for a "Bitcoin Fork" attack.

Mo Nokhbeh claims Ledger's wallet fails to properly isolate the apps responsible for authorizing the transactions of different assets.

This creates a vulnerability where a user's wallet can be fooled into authorizing a transaction for a less valuable asset, like Litecoin, Bitcoin Cash or any other Bitcoin fork coin, where in reality, a Bitcoin transaction is being released.

"This app should be isolated such that it only signs for testnet derivation paths. However, sending it a regular mainnet bitcoin transaction will pass. In addition, it will present the TX as if it's testnet bitcoin, to a testnet bitcoin address."

According to Nokhbeh, he made Ledger fully aware of this vulnerability and despite acknowledging it, the company has failed to fix it.

Instead they have chosen to release an update to their existing app which will provide users with a warning prompt if such an exploit is detected.

We have reached out to Ledger for comment and will update pending a response.