CryptoPotato
CryptoPotato
  • Crypto News
  • Margin Trading
  • Guides
    • Bitcoin & Crypto Guides 101
    • Bitcoin For Beginners
    • Editorials
  • Fund
  • Buy
  • Language
  • Crypto News
  • Bitcoin For Beginners
  • Cryptocurrency Guides 101
  • Editorials
  • Bitcoin & Crypto Margin Trading
  • Bitcoin Price Analysis
  • CryptoPotato Crypto Fund
  • Ethereum (ETH) Price Analysis
  • Ripple (XRP) Price Analysis
  • Market Updates
  • Interviews
  • Buy Bitcoin with Card
  • bitcoin
    BTC$31,610.00
  • ethereum
    ETH$1,168.04
    • Market Updates
    • BTC Analysis
    • ETH Analysis
    • XRP Analysis
    • Interviews
    Home » Crypto News » Kraken Security Labs Identifies Ledger Nano X Vulnerabilities: Funds Not at Risk, Ledger CTO Says

    Kraken Security Labs Identifies Ledger Nano X Vulnerabilities: Funds Not at Risk, Ledger CTO Says

    Author: Anatol Antonovici

    Last Updated Jul 8, 2020 @ 21:11

    Kraken Security Labs identified certain vulnerabilities in one of the most popular hardware wallets – Ledger Nano X. The CTO of Ledger assured that funds are not at risk.

    Kraken Security Labs found some vulnerabilities in the hardware wallet Ledger Nano X. The wallet is regarded by many as one of the most secure storage devices.

    Attackers Can Tamper Wallet Devices to Steal Crypto Funds

    On Wednesday, Kraken Security Labs – the exchange’s team that checks the security of crypto products – announced that it had detected two new potential attacks that could be executed against Ledger Nano X. If conducted successfully, Kraken claims that the attacks might put the wallet’s security at risk.

    The attacks might permit malicious actors to get control over the victims’ computers connected to the wallets and install malware capable of stealing crypto funds.

    Kraken Security Labs explained all the technical details of the two attacks, dubbed Bad Ledger and Blind Ledger.

    In the first attack, the Ledger Nano X has to be tampered before reaching the victim. The firmware of the wallet’s process is modified with a debugging protocol that behaves like a keyboard. It can send malicious keystrokes to the victim’s computer. Kraken demonstrated a video that displays an infected Ledger Nano X that has control over the host computer by acting as a keyboard. It opens a browser and enters the exchange’s website by using keyboard shortcuts.

    Kraken says that the device and the Ledger Live software application identify the wallet as genuine and don’t realize the tampering.

    In the second potential attack referred to as Blind Ledger, the wallet’s tampered processor can turn off the display. Mixed with a thorough social engineering attack, the display is shutting off while malware on the computer convinces the victim to press several buttons that trigger malicious transactions.

    Given that the display is disabled, the victim would not be able to check the transaction on the wallet.

    Kraken recommends users to buy Ledger wallets from trusted stores only. Also, users have to be cautious if the display turns off.

    Ledger Says the Stored Funds Cannot Be Accessed Despite Potential Vulnerability

    CryptoPotato reached Ledger for comment. The company’s CTO, Charles Guillemet, explained:

    “We are grateful to the Kraken team for bringing this vulnerability to our attention. While we have addressed this issue at length on Ledger, we want to assure our users that funds stored on their Ledger Nano X could never be accessed, since the Ledger Nano X’s security relies on the Secure Element – not on the MCU chip. The issue could allow an attacker who intercepted the device during the supply chain to install malware on the user’s PC, though the funds would still be safe.”

    He added that it was extremely unlikely that this kind of attack might be performed successfully. So far, there has been no loss of funds caused by the vulnerability.

    Enjoy reading? Please share:
    Facebook Twitter LinkedIn Telegram
    SPECIAL OFFER (Sponsored)
    Binance Futures 50 USDT FREE Voucher: Use this link to register & get 10% off fees and 50 USDT when trading 500 USDT (limited offer).

    PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO35 code to get 35% free bonus on any deposit up to 1 BTC.

    You Might Also Like:

    • ledger_vulnerability
      Beware: Latest Ledger Email Phishing Scam Making The Rounds
    • The First Crypto US Bank: Kraken Received Licensing From The Wyoming Banking Board
    • polkadot_img
      New Polkadot Token (DOT) Listed by Binance and Kraken Ahead of Formal Redenomination
    Read more on: Kraken Ledger Security

    About The Author

    Anatol Antonovici View more posts by this author

    Anatol is an experienced financial writer that turned to cryptos right before the craze of late 2017. Previously, he was into foreign exchange and stock markets, providing brokerage firms, asset managers, and other businesses with top-notch content. He is open-minded, trades for fun, and addicted to classical music. Contact Anatol: LinkedIn

  • bitcoin
    BTC$31,610.00
  • ethereum
    ETH$1,168.04
  • Join Our Community

    FacebookTwitter YouTubeTelegram


    ADVERTISEMENT
    binance
    ADVERTISEMENT
    bitmart
    Bitcoin Editorials
    Ethereum 2.0 Staking on Exchange vs. Creating Your Node: What You Need to Know

    Ethereum 2.0 Staking on Exchange vs. Creating Your Node: What You Need to Know

    5 Possible Reasons For Bitcoin’s Price Surge Over $30,000

    5 Possible Reasons For Bitcoin’s Price Surge Over $30,000

    2020 Year In Review: Bitcoin’s Journey From $3800 To Nearly $30K

    2020 Year In Review: Bitcoin’s Journey From $3800 To Nearly $30K

    6 Reasons For The Ongoing Bitcoin Bull-Run Beyond $20K

    6 Reasons For The Ongoing Bitcoin Bull-Run Beyond $20K

    Is Blockchain The Answer To COVID-19 Led Misinformation and Rumor Mongering?

    Is Blockchain The Answer To COVID-19 Led Misinformation and Rumor Mongering?

    Join Our Newsletter
    Become a CryptoPotato VIP
    One Weekly Email Can Change Your Crypto Life.
    Sign-up FREE to receive our extended weekly market update and coin analysis report
    We NEVER send spam. You can unsubscribe at any time.
    Invalid email address
    Thanks for subscribing!
    About
    Advertise on CryptoPotato
    About Us | Contact Us

    Terms of service | Privacy Policy | GDPR
    More Sections
    IEO List | Evaluations
    Airdrops
    Scholarship
    Cannabis Stocks News | Market Analysis
    Disclaimer
    Disclaimer: Information found on CryptoPotato is those of writers quoted. It does not represent the opinions of CryptoPotato on whether to buy, sell, or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk. Full disclaimer
    © Copyright CryptoPotato 2016 - 2021
    Scroll to top
    One Weekly Email Can Change Your Crypto Life.

    Sign-up FREE to receive our extended weekly market update and coin analysis report

    We never send SPAM. You can unsubscribe at any moment
    Invalid email address
    Thanks for subscribing!