Ledger issues “man-in-the-middle” security reminder

Ledger has reminded users to check recipient addresses on the storage device, rather than only the connected computer. Image: ledgerwallet.com

Hardware crypto-wallet manufacturer Ledger has released a statement reminding users to beware of ‘man-in-the-middle’ attacks.

A report from Cointelegraph suggested there was a “newly discovered vulnerability” in the wallet’s hardware. However, the article referred to a Twitter post from Ledger issued on February 4, which explained to Ledger users that hardware wallets do not make them “invincible”.

Ledger co-founder Thomas France talked to Bitcoin Trader yesterday to clarify the issue.

“There have been a lot of false claims and sensationalist headlines in the last few days, indeed,” he said.

“The ‘attack’ is something that is well known, and that is the reason why hardware wallets exist: to validate [both] what you are signing and the reception address on a secure screen.”

Ledger updated its Basic Security Principles and released a ‘man-in-the-middle’ statement yesterday to ensure users were aware of the need to double check the recipient address on the hardware wallet, rather than only on a computer screen.

“On the bottom right of the receive window, you have a ‘monitor button’ which will show the recipient address on your hardware wallet,” Ledger said.

“You must make sure it is the same [as] displayed, and also make sure this is the address you will ultimately send/paste/scan [to] the target application/service.”

Bitcoin Trader CEO Nathan van den Bosch said that users of the Ledger Blue and Ledger Nano S wallets would be familiar with this process.

“None of this is new – what it comes down to is diligence of the user,” Mr van den Bosch said.

“Users of Ledger devices will be familiar with the fact that they can verify the recipient address on the screen of the device, prior to a final confirmation.”

Ledger Blue is a tablet-style hardware wallet, which can show an entire recipient address on the touchscreen.

The Ledger Blue, which is the latest introduction to the cryptocurrency offline storage device market, shows the entire recipient address on screen, while the Ledger Nano S shows the first and last four characters of the address.

“I always recommend the Ledger Blue for ease of use,” Mr van den Bosch said.

In this context, a ‘man-in-the-middle’-style attack refers to malware that tampers with a computer’s clipboard and alters the recipient address as it is pasted into a cryptocurrency application. Ledger users can avoid this risk by manually typing out the address rather than using a cut-and-paste function.
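The difference between a mistyped address and a swapped one, as an added example (not code from Ledger or Bitcoin Trader): a Base58Check checksum catches a typing error, but an address substituted on the computer is itself well formed, so only a comparison with the address shown on the device catches it. The function names and the legacy Bitcoin Base58Check format are assumptions, and the sample addresses are constructed.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256 over the payload.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58check_valid(addr: str) -> bool:
    n = 0
    for ch in addr:
        if ch not in ALPHABET:
            return False
        n = n * 58 + ALPHABET.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) > 4 and _checksum(raw[:-4]) == raw[-4:]

def check_entry(on_device: str, in_app: str) -> str:
    """Classify the address in the application against the one on the device."""
    if in_app == on_device:
        return "match"
    if not b58check_valid(in_app):
        return "typo"         # checksum fails: a character was mistyped
    return "substituted"      # valid but different: only the comparison shows it

# Constructed sample data (version byte 0x00 + arbitrary 20 bytes), not real wallets.
ON_DEVICE = b58check_encode(b"\x00" + bytes(range(1, 21)))
SWAPPED = b58check_encode(b"\x00" + bytes(range(21, 41)))
MISTYPED = ON_DEVICE[:10] + ("2" if ON_DEVICE[10] != "2" else "3") + ON_DEVICE[11:]

if __name__ == "__main__":
    for label, addr in [("same", ON_DEVICE), ("mistyped", MISTYPED), ("swapped", SWAPPED)]:
        print(f"{label:9s} checksum_ok={b58check_valid(addr)!s:5s} -> {check_entry(ON_DEVICE, addr)}")
```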

Ledger also recommended the practice of sending a small amount of cryptocurrency to new recipient addresses for verification, prior to transferring larger amounts.

“A hardware wallet ensures the protection of your private keys by providing you with a full isolation against the internet.

“However, this is not a silver bullet against all possible attacks and you must always verify and double check everything as explained above.”


Bitcoin Trader customers who are concerned about security issues related to Ledger hardware wallets can visit Ledger Zendesk for more information and live updates. For more information about Ledger Receive Address Attacks, click here.





Bitcoin Trader is a digital currency brokerage firm providing a buy and hold strategy for high volume cryptocurrency investments.
