{"id":26927,"date":"2020-08-06T11:00:30","date_gmt":"2020-08-06T08:00:30","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=26927"},"modified":"2025-08-26T17:35:27","modified_gmt":"2025-08-26T14:35:27","slug":"critical-vulnerability-found-in-ledger-hardware-wallet","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/critical-vulnerability-found-in-ledger-hardware-wallet\/","title":{"rendered":"Critical vulnerability found in Ledger hardware wallet"},"content":{"rendered":"<p>Blockchain security researcher Mohammad Nohbeh <a href=\"https:\/\/monokh.com\/posts\/ledger-app-isolation-bypass\" target=\"_blank\" rel=\"noopener noreferrer\">discovered<\/a> potential risks in the Ledger hardware wallet. An attacker could create a transaction that, instead of an altcoin, would debit the first cryptocurrency.<!--more--><\/p>\n<blockquote>\n<p>\u201cAn attacker could use this method to transfer Bitcoin. Meanwhile, the user would have the impression that a transaction for another, less valuable altcoin (Litecoin (LTC), Bitcoin Cash (BCH) and others) is being executed,\u201d Nohbeh noted.<\/p>\n<\/blockquote>\n<p>In other words, a user could send 0.01 BTC with full confidence that they had specified 0.01 LTC.<\/p>\n<p>To support altcoins, a Ledger user must install a separate application for each asset. Of these, only one can be active at any given moment. Nohbeh found that attackers can access apps that are in an inactive state.<\/p>\n<p>Unlocking allows requesting various functions:<\/p>\n<ul>\n<li>exporting public keys;<\/li>\n<li>signing messages;<\/li>\n<li>confirming transactions.<\/li>\n<\/ul>\n<blockquote>\n<p>\u201cIt has been found that for Bitcoin and its forks the device exposes functions when handling any asset. Unlocking the Litecoin app will trigger a BTC transfer confirmation request, while the interface will display the BTC transfer and the LTC address. If you approve the request, a fully valid signed transaction will be sent to the Bitcoin mainnet,\u201d Nohbeh noted.<\/p>\n<\/blockquote>\n<p>Until updates arrive, he recommends disabling the altcoin apps in the Ledger Live catalog.<\/p>\n<p>The expert stressed that he had informed the company\u2019s specialists about the vulnerability, but within three months it had not been fixed.<\/p>\n<p>Ledger <a href=\"https:\/\/donjon.ledger.com\/lsb\/014\/\" target=\"_blank\" rel=\"noopener noreferrer\">acknowledged<\/a> the problem and promised to release an update that would implement a warning display about the detection of an unconventional path to executing a transaction. They noted that a lock could solve this problem, but it could lead to freezing assets that users would no longer be able to use.<\/p>\n<p><strong>UPDATE:<\/strong> The vulnerability has been fixed \u2014 the company has released a software update.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">The Bitcoin app that fixes the issue in Bitcoin derivative apps is available \u2014 for Nano X and Nano S. You can update your app on Ledger Live now.<\/p>\n<p>\u2014 Ledger (@Ledger) <a href=\"https:\/\/twitter.com\/Ledger\/status\/1291061084435238912?ref_src=twsrc%5Etfw\">August 5, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier Ledger <a href=\"https:\/\/u1f987.com\/en\/news\/ledger-reports-data-breach-affecting-around-one-million-users\">reported<\/a> a data breach affecting millions of users due to the discovered vulnerability.<\/p>\n<p>Follow ForkLog news on <a href=\"https:\/\/www.facebook.com\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Facebook<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Blockchain security researcher Mohammad Nohbeh discovered potential risks in the Ledger hardware wallet. An attacker could create a transaction that would debit Bitcoin instead of an altcoin.<\/p>\n","protected":false},"author":1,"featured_media":26928,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,961,1640],"class_list":["post-26927","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-hardware-wallets","tag-ledger"],"aioseo_notices":[],"amp_enabled":true,"views":"9","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/26927","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=26927"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/26927\/revisions"}],"predecessor-version":[{"id":26929,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/26927\/revisions\/26929"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/26928"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=26927"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=26927"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=26927"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}