The Ledger Company is one of the most secure services in terms of storage of cryptomoney at the present time. However, this reality does not prevent ledger hardware from being confronted with security flaws that need to be dealt with quickly. A new breach of this kind has just been uncovered and concerns Bitcoin (BTC) and its forks.
It is difficult to be a leading company in a rapidly evolving field such as crypto. This exposes it to a lot of lust and to large scale malicious attacks. A fact that has been confirmed again recently with the hack of the official website of the Ledger company and the theft of private data of more than one million of its customers. This exposes those concerned to potential targeted phishing attacks.
A problematic fact that comes on top of recent information revealing that a new security flaw has just been detected on ledger hardware portfolios that make the success of the French company. And this concerns Bitcoin and its (too) many forks. Information that could potentially be problematic if it were to cross-reference the company’s client file on the darknet.
Paying in LTC and validating a transaction in BTC
Without going into too much technical detail, this flaw concerns the validation of Bitcoin “type” transactions from the Ledger storage keys. The latter are processed according to the same process whether it is Bitcoin or one of its forks such as Litecoin (LTC) or Bitcoin Cash (BCH) for example. A choice assumed and explained by the Ledger company in December 2019 which is obviously not as secure as expected.
It is an article from the English site monokh that exposes this flaw for the first time. It is entitled “Isolation bypass of the Ledger application. “And it concerns the transactions carried out using the Ledger wallet that could be corrupted in a deliberate and malicious way.
It explains how the bundled management of Bitcoin forks and the BTC itself could allow a transaction in a cryptocurrency such as the Litecoin (LTC) to be made that would actually hide a move from another more expensive cryptocurrency such as Bitcoin (BTC). This without the user noticing it and validating the operation thinking he is doing the first one.
In fact, a transaction of 10 LTC (approximately $580) could result in the payment of approximately 10 BTC ($113,000), which is not the same as the current price of these two digital assets! But this obviously only concerns the use of a Ledger key to carry out transactions directly to applications that could take advantage of this loophole. And only in Bitcoin or one of its forks.
It seems that Ledger has not given any response to the disclosure of this flaw which dates back to January 2019, nor has it even made any modification to prevent its exploitation. That is why it was just publicly released earlier this week.