Bitcoin Forum
October 18, 2018, 01:57:21 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Ledger Receive Wallet Attack  (Read 148 times)
#BitcoinVegan
Member
**
Offline Offline

Activity: 76
Merit: 10


View Profile
February 05, 2018, 03:28:13 PM
 #1

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?
1539827841
Hero Member
*
Offline Offline

Posts: 1539827841

View Profile Personal Message (Offline)

Ignore
1539827841
Reply with quote  #2

1539827841
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539827841
Hero Member
*
Offline Offline

Posts: 1539827841

View Profile Personal Message (Offline)

Ignore
1539827841
Reply with quote  #2

1539827841
Report to moderator
1539827841
Hero Member
*
Offline Offline

Posts: 1539827841

View Profile Personal Message (Offline)

Ignore
1539827841
Reply with quote  #2

1539827841
Report to moderator
1539827841
Hero Member
*
Offline Offline

Posts: 1539827841

View Profile Personal Message (Offline)

Ignore
1539827841
Reply with quote  #2

1539827841
Report to moderator
ruplikminer
Jr. Member
*
Offline Offline

Activity: 294
Merit: 3


View Profile
February 05, 2018, 03:41:10 PM
 #2

Very curious to know also
zhekinsp
Full Member
***
Offline Offline

Activity: 448
Merit: 112


View Profile
February 05, 2018, 03:54:29 PM
 #3

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?
What do you mean by attack is someone steal your money? Since no one can steal your bitcoins in hardware wallets without private keys so how it can happen.I hope OP will explain the real case behind ledger wallet attack.

★★★ BitCloak Bitcoin Mixer |BTC & BCH| FAST MIX | API | PGP PROOF | ESCROW ★★★
Tor and Clearnet mirrors | Payouts Every 60 seconds | Cheap 2% Service Fee | The Most Advanced Mixer | Discuss More
Jaycee99
Sr. Member
****
Offline Offline

Activity: 518
Merit: 256


View Profile
February 05, 2018, 04:13:01 PM
 #4

I thought hardware is kind a USB look alike and no one can open it until you say so.

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?

How can be this hardware wallet would be attack? What to do it to buy another hardware wallet its better safe than never. I would suggest as well to try a different wallet that is myetherwallet its safe too you know I cant offer you suggestion its up to you.


I would just say if you think your not safe anymore on working with that hardware wallet try to buy new one that us trezor its 2nd best to ledger.
Caesar-Giulius
Sr. Member
****
Offline Offline

Activity: 686
Merit: 250



View Profile
February 05, 2018, 04:30:39 PM
 #5

What is going on? There isn’t any news about attack on ledger wallet.


BORDERLESS PEER TO PEER MORTGATE CROWDLENDING.

MVP READY!

██╗   ██╗██╗██╗   ██╗ █████╗     ███╗   ██╗███████╗████████╗██╗    ██╗ ██████╗ ██████╗ ██╗  ██╗
██║   ██║██║██║   ██║██╔══██╗    ████╗  ██║██╔════╝╚══██╔══╝██║    ██║██╔═══██╗██╔══██╗██║ ██╔╝
██║   ██║██║██║   ██║███████║    ██╔██╗ ██║█████╗     ██║   ██║ █╗ ██║██║   ██║██████╔╝█████╔╝
╚██╗ ██╔╝██║╚██╗ ██╔╝██╔══██║    ██║╚██╗██║██╔══╝     ██║   ██║███╗██║██║   ██║██╔══██╗██╔═██╗
 ╚████╔╝ ██║ ╚████╔╝ ██║  ██║    ██║ ╚████║███████╗   ██║   ╚███╔███╔╝╚██████╔╝██║  ██║██║  ██╗
  ╚═══╝  ╚═╝  ╚═══╝  ╚═╝  ╚═╝    ╚═╝  ╚═══╝╚══════╝   ╚═╝    ╚══╝╚══╝  ╚═════╝ ╚═╝  ╚═╝╚═╝  ╚═╝
TELEGRAM     MEDIUM    GITHUB
REDDIT     ANN THREAD   
TWITTER     FACEBOOK   
LeGaulois
Copper Member
Hero Member
*****
Offline Offline

Activity: 854
Merit: 874

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
February 05, 2018, 04:31:33 PM
Merited by nullius (1)
 #6

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?

Ledger didn't receive a "wallet attack". A vector has been discovered last month with the Google Chrome application. Nobody has been affected currently (or at least it has not been found on the web). People using the hardware just need to validate the integrity of the address. (Checking if the address is correct, like you are always supposed to do, no matter the support used).

https://bitcointalk.org/index.php?topic=2878882.msg29653349#msg29653349

silent17
Full Member
***
Offline Offline

Activity: 322
Merit: 110


Powered by Artificial Intelligence & Human Experts


View Profile
February 05, 2018, 04:48:49 PM
 #7

I thought hardware is kind a USB look alike and no one can open it until you say so.

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?

How can be this hardware wallet would be attack? What to do it to buy another hardware wallet its better safe than never. I would suggest as well to try a different wallet that is myetherwallet its safe too you know I cant offer you suggestion its up to you.


I would just say if you think your not safe anymore on working with that hardware wallet try to buy new one that us trezor its 2nd best to ledger.

I would not think we can recommend myetherwallet, because myetherwallet can't hold Bitcoin.
I agree with other, The OP didn't explain very well the situation about the hacking. Because I think you can't really hack bitcoin in a USB wallet without accessing the wallet itself using a primary key.

bitart
Hero Member
*****
Offline Offline

Activity: 1008
Merit: 586


Vires in Numeris


View Profile
February 05, 2018, 10:33:13 PM
 #8

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?
What do you mean by attack is someone steal your money? Since no one can steal your bitcoins in hardware wallets without private keys so how it can happen.I hope OP will explain the real case behind ledger wallet attack.
It's a receive attack, means that a malware try to change the receiving address of your wallet when it shows on the screen (and changes it to a hacker's address), in order to copy and paste the hacked address when you want to receive bitcoins into your wallet. When you use the chrome bitcoin application, you can click on a small button on the screen which shows the receiving address on the Ledger Nano S device itself, so if you check the two addresses you won't lose any bitcoin. So it's not a malware that completly wipes your hardware wallet but just hijacks the bitcoins you want to receive into the wallet.

tokexchain
Newbie
*
Offline Offline

Activity: 132
Merit: 0


View Profile
February 05, 2018, 10:37:23 PM
 #9

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?
What do you mean by attack is someone steal your money? Since no one can steal your bitcoins in hardware wallets without private keys so how it can happen.I hope OP will explain the real case behind ledger wallet attack.
It's a receive attack, means that a malware try to change the receiving address of your wallet when it shows on the screen (and changes it to a hacker's address), in order to copy and paste the hacked address when you want to receive bitcoins into your wallet. When you use the chrome bitcoin application, you can click on a small button on the screen which shows the receiving address on the Ledger Nano S device itself, so if you check the two addresses you won't lose any bitcoin. So it's not a malware that completly wipes your hardware wallet but just hijacks the bitcoins you want to receive into the wallet.

Very nice and helpful explanation - in these days of exploits and data breaches we all need to be aware of the potential and very real attacks - there are going on around all day and close to us digitally. Be wary and stay safe.
Cryptoshops
Jr. Member
*
Offline Offline

Activity: 112
Merit: 4

Get a Free Listing on CryptoCoinShops.net


View Profile WWW
February 05, 2018, 10:39:01 PM
 #10

He is talking about this

https://cointelegraph.com/news/newly-discovered-vulnerability-in-all-ledger-hardware-wallets-puts-user-funds-at-risk

Get a FREE website listing on CryptoCoinShops (http://cryptocoinshops.net)
Dvach
Member
**
Offline Offline

Activity: 112
Merit: 11


View Profile
February 05, 2018, 10:46:28 PM
 #11

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?
What do you mean by attack is someone steal your money? Since no one can steal your bitcoins in hardware wallets without private keys so how it can happen.I hope OP will explain the real case behind ledger wallet attack.
It's a receive attack, means that a malware try to change the receiving address of your wallet when it shows on the screen (and changes it to a hacker's address), in order to copy and paste the hacked address when you want to receive bitcoins into your wallet. When you use the chrome bitcoin application, you can click on a small button on the screen which shows the receiving address on the Ledger Nano S device itself, so if you check the two addresses you won't lose any bitcoin. So it's not a malware that completly wipes your hardware wallet but just hijacks the bitcoins you want to receive into the wallet.
Only Ledger Nano S device is affected by this malware? What about Ledger Blue? As far as I understand, it uses same app, but Ledger claims it's the most secure device. What about Trezor or KeepKey? Is there any similar malware targeted on hacking Trezor or KeepKey?
bitart
Hero Member
*****
Offline Offline

Activity: 1008
Merit: 586


Vires in Numeris


View Profile
February 06, 2018, 09:29:27 PM
 #12

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?
What do you mean by attack is someone steal your money? Since no one can steal your bitcoins in hardware wallets without private keys so how it can happen.I hope OP will explain the real case behind ledger wallet attack.
It's a receive attack, means that a malware try to change the receiving address of your wallet when it shows on the screen (and changes it to a hacker's address), in order to copy and paste the hacked address when you want to receive bitcoins into your wallet. When you use the chrome bitcoin application, you can click on a small button on the screen which shows the receiving address on the Ledger Nano S device itself, so if you check the two addresses you won't lose any bitcoin. So it's not a malware that completly wipes your hardware wallet but just hijacks the bitcoins you want to receive into the wallet.
Only Ledger Nano S device is affected by this malware? What about Ledger Blue? As far as I understand, it uses same app, but Ledger claims it's the most secure device. What about Trezor or KeepKey? Is there any similar malware targeted on hacking Trezor or KeepKey?
I have no information about the Ledger Blue. If it's using the same app in Chrome, it's possible that the malware is able to change the receiving address of the Blue as well. Anyway, it helps if you double check the address on the device's screen as well, in the Chrome app. If you're using it with MEW, I've no info about the possibility of chechking the address on the device if you're connected to MEW.

carlisle1
Hero Member
*****
Online Online

Activity: 924
Merit: 502


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
March 03, 2018, 05:18:02 AM
 #13

I thought hardware is kind a USB look alike and no one can open it until you say so.

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?

How can be this hardware wallet would be attack? What to do it to buy another hardware wallet its better safe than never. I would suggest as well to try a different wallet that is myetherwallet its safe too you know I cant offer you suggestion its up to you.


I would just say if you think your not safe anymore on working with that hardware wallet try to buy new one that us trezor its 2nd best to ledger.

I would not think we can recommend myetherwallet, because myetherwallet can't hold Bitcoin.
I agree with other, The OP didn't explain very well the situation about the hacking. Because I think you can't really hack bitcoin in a USB wallet without accessing the wallet itself using a primary key.
nobody says it was BITCOIN who has been hacked,OP says the ledger wallet lol..but i cant really understand whats the mean of op about hacking the ledger whe it was in usb form,how could that be possible?can you explain further  for the benefits of all who has the same settings

BitcoinsGreat
Sr. Member
****
Offline Offline

Activity: 388
Merit: 250


View Profile
March 25, 2018, 03:50:48 PM
 #14

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?
What do you mean by attack is someone steal your money? Since no one can steal your bitcoins in hardware wallets without private keys so how it can happen.I hope OP will explain the real case behind ledger wallet attack.

Yes, no one can steal your coins from your ledger wallet while it is offline but once you connect your Legder wallet to the system to move funds, a malware is designed to take all of your funds always. So there is always a risk whether be online or offline.
BillCoin
Sr. Member
****
Offline Offline

Activity: 476
Merit: 259


Varanida : Fair & Transparent Digital Ecosystem


View Profile
March 25, 2018, 03:58:44 PM
 #15

Has anyone been affected by this and would it now be a good time to buy another hardware wallet?

Also it I've been reading where it says to press the monitor before sending and receiving to verify your address is correct is that true as well?

What the hell is going on?
What do you mean by attack is someone steal your money? Since no one can steal your bitcoins in hardware wallets without private keys so how it can happen.I hope OP will explain the real case behind ledger wallet attack.

Yes, no one can steal your coins from your ledger wallet while it is offline but once you connect your Legder wallet to the system to move funds, a malware is designed to take all of your funds always. So there is always a risk whether be online or offline.

In order to release a transaction from a ledger wallet you need to be connected to the internet.
Ledger is being split into 2 parts,one part contains the private key and has the code of signing transactions, on the other hand, the 2nd part of the ledger contains the connection to the internet is usually getting the transaction key from the offline part.
The problem was that there was a security breech so actually you could hack the ledger at the point it transferred the funds from the offline part to the online part.
Seriously security breech.

Building A Better Internet
━━━━━━━━━━━━━━━━━━━ ━━━━━━━━━━━━━━━━━━━

 
 █b
▐█=
║█
██                                         ¡▄▄▄▄▄▄▄▄┌
██M                                  ╒▄▄▄▄█▀    ▂▂ ╙▀▀▆▄
██▌                                ╓, ,██╨      ▀▀▀    ╜▀█▌
███                                ▀▀██╙     ▄▄▄▄▄      ╓█L
█ █▌                            ▄▄▄▄█▀          └▀▀▀▀█Φ█▀"
█▌ █▄                            ██▀           ▄█▀
▐▌  ▀▌                       ▀▄██▀            ▄▀
▐█     ▂▂▂                ▄  ▄█▀           ▄▄▀
 █▌  ╙▀▀▀▀▀█▄         ▄   ███▀     ▁▂▃▄▄▄█▀▀
  █▄        █▌    █▄  ██▄█▀        ▔▔╙▀▐█
   █▄       █▌ ▀▀████▀▀▀               ▐▌
    ▀█     █▀                          ▐▌
     ╙█▄  ▄▌                        ╓█ ▐█
       └▀██  ╓▄▄µ╓▄▄µ            ,▄█▀┘  █▌    ▄▄ ╓▄▄µ
         ██▄█▀▀███▀▀█▄       ╓▄▄█▀▀      ▀█▄█▀▀▀██▄╙▀█▄▄
          ▀╙    ▀▀▀  ▀▀▀  ▀▀▀▀╙           `      "▀▀  └╙
You Can See Me Now, Hi :}
VARANIDA

 
 
 
 
               ▄██   ▄███▄
              ▄███████  ██
              ██    ▀████▀
             ██
  ▄▄  ▄▄█████████████▄▄  ▄▄
▄███████████████████████████▄
█████████████████████████████
▀███████    █████    ███████▀
  ▀█████    █████    █████▀
   ███████████████████████
    █████▄  ▀▀▀▀▀  ▄█████
     ▀█████▄▄▄▄▄▄▄█████▀
        ▀▀█████████▀▀
|
bob123
Hero Member
*****
Offline Offline

Activity: 714
Merit: 582



View Profile WWW
March 25, 2018, 04:05:25 PM
 #16

The problem was that there was a security breech so actually you could hack the ledger at the point it transferred the funds from the offline part to the online part.
Seriously security breech.

The vulnerability you are talking about was regarding a faked (malicious) receiving address being shown on the desktop application.
This is due to the fact that the software still has to run on your OS and that everything on your screen can (theoretically) be changed / compromised.

This has been fixed with a simple verification of your receiving address on the nano s screen.
Anything verified on the nano s screen can be considered as truly being generated by your nano s (and therefore being secure).

gentlemand
Legendary
*
Offline Offline

Activity: 1792
Merit: 1272


Hello You


View Profile
March 25, 2018, 04:07:52 PM
 #17

Even if this hadn't been publicised, people should assume that whatever your computer is displaying to you can be spoofed. That's why these devices have displays to verify everything on.

If I had something like an original Nano HW1 I certainly wouldn't be using it any more.

arienna23
Full Member
***
Offline Offline

Activity: 227
Merit: 101



View Profile
March 25, 2018, 05:01:18 PM
 #18

I always double check and triple check the receiving address, even when I'm sending relatively small amounts from one of my wallets to another address I own.

Paranoia is a perfectly healthy condition when you invest in crypto.

Sidera | Blockchain Technologies
Decentralized Wearable Devices WEARING THE FUTURE
➜ TELEGRAM ➜ FACEBOOK ➜ TWITTER ➜ REDDIT ➜ LINKEDIN
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!