Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: TheBeardedBaby on August 06, 2020, 10:01:46 PM



Title: {Warning} Ledger exploit makes you spend Bitcoin instead of altcoins.
Post by: TheBeardedBaby on August 06, 2020, 10:01:46 PM
I came across this news and decided to share it with you guys so people should be aware if their funds get locked by Ledger and cannot be spent. You guys need to update the hardware wallet to fix it.
I do not own Ledger and I cannot 100% confirm the legitimacy of the source website but it seems that the guy who found the vulnerability actually posted it on Twitter.

Quote
In brief
A vulnerability in Ledger's hardware wallets allows a request for an altcoin transaction to actually request the movement of Bitcoin.
The exploit was reportedly disclosed to Ledger back in 2019.
Ledger said it's because the firm wanted "to avoid a situation where user funds would be locked and users unable to spend their funds."

Quote
An exploit in Ledger’s crypto hardware wallets could allow malicious actors to steal Bitcoin, according to a report published by Liquality developer Mohammed Nokhbeh on Tuesday.

The attack works by the bad actor creating a transaction that looks like an altcoin payment (a coin that isn’t Bitcoin) when it actually takes Bitcoin out of the wallet instead.

“An attacker can exploit this method to transfer Bitcoin while the user is under the impression that a transaction of another, less valuable altcoin (e.g. Litecoin, Testnet Bitcoins, Bitcoin Cash, etc.) is being executed,” wrote Nokhbeh.
This is worrying because the user thinks that they’re handing out 0.01 of an altcoin, which could be far less valuable than 0.01 Bitcoin, for instance.

"A new version of the Bitcoin app will be released today, with an update that will display a warning and prompt for confirmation when an unexpected path is used—therefore solving this issue," said a Ledger spokesperson (who later confirmed that the fix is now live).

Source > https://decrypt.co/37651/ledger-exploit-makes-you-spend-bitcoin-instead-of-altcoins
Source, the guy who found the vulnerability > https://monokh.com/posts/ledger-app-isolation-bypass
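
The fix quoted above (warn and ask for confirmation "when an unexpected path is used") can be sketched as a derivation-path check. This is an added example, not part of the original post and not Ledger's code; it assumes "unexpected path" means a BIP32 path whose coin type differs from that of the app open on the device. The coin types are the SLIP-0044 registered values, and the app names and function names are hypothetical.

```python
# Added illustration; not Ledger firmware code. Coin types are the SLIP-0044
# registered values; the app names and function names are hypothetical.
HARDENED = 0x80000000

# SLIP-0044 coin types for the coins named in the quoted report.
APP_COIN_TYPE = {
    "Bitcoin": 0,
    "Bitcoin Testnet": 1,
    "Litecoin": 2,
    "Bitcoin Cash": 145,
}


def parse_path(path):
    """Parse "m/44'/0'/0'/0/5" into a list of 32-bit BIP32 child indexes."""
    parts = path.split("/")
    if parts[0] != "m" or len(parts) < 2:
        raise ValueError("path must start with m/")
    indexes = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h"))
        digits = part[:-1] if hardened else part
        if not digits.isdigit() or int(digits) >= HARDENED:
            raise ValueError(f"bad path component: {part!r}")
        indexes.append(int(digits) | (HARDENED if hardened else 0))
    return indexes


def check_path(app, path):
    """Return "ok" if the path belongs to this app's coin, else "warn".

    "warn" means the device should show a warning and ask for explicit
    confirmation, as the fix quoted above describes.
    """
    indexes = parse_path(path)
    # Expect purpose' / coin_type' / account' at minimum, all hardened.
    if len(indexes) < 3 or any(i < HARDENED for i in indexes[:3]):
        return "warn"
    coin_type = indexes[1] - HARDENED
    return "ok" if coin_type == APP_COIN_TYPE[app] else "warn"


if __name__ == "__main__":
    # Constructed requests: (app that is open on the device, requested path).
    for app, path in [("Litecoin", "m/44'/2'/0'/0/0"), ("Litecoin", "m/49'/0'/0'/0/0")]:
        print(app, path, check_path(app, path))
```
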


Title: Re: {Warning} Ledger exploit makes you spend Bitcoin instead of altcoins.
Post by: mk4 on August 07, 2020, 09:14:53 AM
Quite a shitty vulnerability to say the least, and this is after they just had their database leaked like a week ago. They'd have to take major major precautions now if they don't want their reputation to drop down lower. Also knowing that as far as I know they were the #1 hardware wallet company.

At the very least thankfully bitcoin-only people are pretty much safe, so there's that.


Title: Re: {Warning} Ledger exploit makes you spend Bitcoin instead of altcoins {fixed}
Post by: NeuroticFish on August 11, 2020, 12:57:46 PM
The isolation bypass was fixed and for the sake of actual Ledger users you should write (bolded, in the topic) that it's fixed, just people need to update.
You can find more info and links in my older post on this: https://bitcointalk.org/index.php?topic=5266620.msg54939433#msg54939433


Title: Re: {Warning} Ledger exploit makes you spend Bitcoin instead of altcoins.
Post by: bitmover on August 11, 2020, 08:22:03 PM

Quote
At the very least thankfully bitcoin-only people are pretty much safe, so there's that.

Yes. To be stolen you need to log in to a fake third party software, such as a fake new.

Not a huge vulnerability, but as they advertise you can use Ledger in an infected computer, this shouldn't really happen.