An anonymous blockchain researcher monokh discovered a new vulnerability in the Ledger hardware wallets that can lead to theft of user funds.
According to the researcher, a potential attacker can exploit new method of stealing cryptocurrencies by replacing funds meant for the transfer with a more valuable.
"If you use bitcoin forks on your device, you could be affected. You should avoid using these ledger apps until fixes are available," said monokh.
The researcher says the wallet exposes bitcoin public key and signing functionality outside the "Bitcoin" app.
The vulnerability presents misleading transaction confirmation requests indicating the selected app's addresses and amounts when in fact different transactions are being signed, monokh explained.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.
Monokh said the Ledger Wallet developers were not motivated to see the issue to completion as they were aware of the issue before the disclosure and pointed out that the app updates had been under QA and that the issue would be disclosed publicly once updates have been made.
However, no further progress was observed and requests for update received no response, he added.
"...it was apparent that there was no intention to address the issue and the disclosure period would not yield any results. Nonetheless I gave them the benefit of the doubt and afforded some patience," the researcher said.
Earlier, iHodl reported that the popular maker of hardware wallets for storing cryptocurrencies, identified a security breach.
According to the company's announcement, the compromised data included contact data and order information. However, more sensitive information such as payment data and crypto funds had not been affected.
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange.