The Kraken Security Labs technical team has detected a security vulnerability that allows malicious actors to execute an attack against Ledger wallets to steal funds. 

Recently (within the past year) Kraken Security Labs, the blockchain research and cybersecurity division, presented a report explaining a vulnerability it detected that can put at risk the funds stored in Ledger Nano X hardware wallets. According to Kraken Security, malicious actors can carry out two new attacks that can compromise the security of Ledger wallets and therefore the funds stored there.

Kraken Security explains that the detected attack vectors allow hackers to take control of the computer to which the wallet is connected, so they can install malware on computers to take control of the devices and steal users' funds.

The security firm also noted that these attacks are only possible before the user receives and configures the wallet; that is, since they are physical wallets, criminals may be able to intercept and manipulate the wallets during shipping and before the owners receive them, or the user may buy from a malicious reseller who has previously manipulated the device. These attacks are known as supply chain attacks.

Details of possible attacks on Ledger wallets

Hardware wallets are among the safest physical devices for storing cryptocurrencies that exist today. In fact, these devices are used to store large amounts of value in cryptocurrencies, as they are designed exclusively to provide maximum security to the private keys associated with our assets. In addition, Ledger is one of the most recognized manufacturers of this type of device on the market, integrating software and a security chip that guarantees the total isolation of the device even when it is connected to another device, such as a computer.

But despite all the security provided by the manufacturer, the Ledger Nano X model presents a vulnerability detected by the Kraken Security Labs team. First of all, the team explains, the processor firmware can be modified to act as a keyboard-like input device, recording keystrokes made by the user and sending them to the attacker's computer.

Secondly, Kraken Security Labs explains that the wallet screen can be manipulated while not in use, while fake websites shown to the user on the computer trick them into pressing keys that accept and approve malicious transactions, which results in the loss of funds.

Kraken Security compares these attacks with those known as BadUSB and Rubber Ducky. BadUSB is an attack that reprograms the firmware of a USB device to make it behave in any desired way, for example as a keyboard or as a network card that connects computers to malicious sites. Rubber Ducky is an attack that also uses USB devices and allows the creation of backdoors in computers to extract data and important information stored on them.
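A host-side check for the keyboard-emulation scenario described above, as an added example that is not code from Kraken Security Labs or Ledger: it parses `lsusb -v`-style output and flags a device from a watched vendor that declares a HID keyboard interface. The vendor ID `2c97` (assumed here to be Ledger's), the function names and the sample listing are assumptions made for this illustration.

```python
import re

# Assumption: 2c97 is taken to be Ledger's USB vendor ID; edit for the wallets you use.
WATCHED_VENDORS = {"2c97"}
HID_CLASS, KEYBOARD_PROTOCOL = 3, 1  # USB HID: class 3, interface protocol 1 = keyboard

DEVICE_RE = re.compile(r"^Bus (\d+) Device (\d+): ID ([0-9a-f]{4}):([0-9a-f]{4})")
FIELD_RE = re.compile(r"^\s+(bInterfaceClass|bInterfaceProtocol)\s+(\d+)")

# Constructed sample in `lsusb -v` layout (not captured from a real device).
SAMPLE = """\
Bus 001 Device 003: ID 1234:5678 Constructed ordinary USB keyboard
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      1 Keyboard
Bus 001 Device 005: ID 2c97:0001 Constructed wallet, generic HID only
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      0
Bus 001 Device 007: ID 2c97:0001 Constructed wallet, extra keyboard interface
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      0
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      1 Keyboard
"""

def parse_lsusb(text):
    """Return one dict per device with a list of per-interface field dicts."""
    devices = []
    for line in text.splitlines():
        dev, field = DEVICE_RE.match(line), FIELD_RE.match(line)
        if dev:
            devices.append({"id": f"{dev[1]}:{dev[2]}", "vid": dev[3], "interfaces": []})
        elif devices and line.strip() == "Interface Descriptor:":
            devices[-1]["interfaces"].append({})
        elif field and devices and devices[-1]["interfaces"]:
            devices[-1]["interfaces"][-1][field[1]] = int(field[2])
    return devices

def keyboard_alerts(devices, watched=WATCHED_VENDORS):
    """Bus:device IDs of watched-vendor devices that declare a HID keyboard interface."""
    def is_keyboard(i):
        return (i.get("bInterfaceClass") == HID_CLASS
                and i.get("bInterfaceProtocol") == KEYBOARD_PROTOCOL)
    return [d["id"] for d in devices
            if d["vid"] in watched and any(map(is_keyboard, d["interfaces"]))]
```

The check is a heuristic: it only sees what a device declares in its interface descriptors at the moment the listing is taken.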

Ledger Newsletter Indicates Funds Remain Safe

The statement issued by Ledger says that, despite the vulnerability detected by Kraken Security, users' funds continue to be stored safely and reliably on the device.

“In the Nano X attack model, the processor can be fully compromised while funds handled by the device remain secure. However, replacing the code on this chip can lead to several attack scenarios, as demonstrated by Kraken Security Labs.”

Likewise, Charles Guillemet, CTO of Ledger, expressed that user funds stored in Ledger Nano X wallets cannot be accessed by hackers, therefore the funds are stored safely. Guillemet pointed out that the technology with which these wallets are built goes beyond the MCU chip, so they provide a high level of security for the deposited funds. 

Ledger's CTO also stated that, as Kraken Security noted, Nano X wallets can be tampered with only in the supply chain, but that funds would still be stored securely.

Recommendations to avoid possible attacks

First of all, both companies recommend that users only purchase their hardware wallets from authorized stores and avoid purchasing these devices from third parties or in unsavory places. 

Both Ledger and Kraken also stress that users should not follow instructions from fake websites to press keys or buttons while the wallet screen is off, and that extreme caution should be exercised if the device starts to act strangely, for example, if the screen turns off by itself. The companies also recommend that users carefully verify any transactions they make, checking the data and information before submitting them. 

On the other hand, Ledger noted that firmware update 1.2.4-2 is available and that it solves the vulnerability by performing a check to verify the integrity of the MCU chip, ruling out the possibility that it has been previously manipulated.
