A fifteen-year-old British teenager Rashid Saleem has managed to gain access to the Ledger hardware wallets, which are some of the most popular cryptocurrency wallets currently available on the market. Saleem bypassed the French company’s Nano S and Nano Blue security device after rewriting a code in the device’s firmware thereby showcasing the vulnerability the cryptocurrency wallet.
According to news from the UK-based Independent newspaper, Saleem gained access to the product keys and also the cryptocurrency embedded in the wallet after he uncovered a major vulnerability in the device.
Hacking the Cryptocurrency Wallet
Saleem successfully hacked the Ledger wallets by putting his own software in the chip embedded in the device that stores payment information and other customer’s data through a micro-controller. On his website, Saleem outlined the methods he used in hacking the Nano S devices. In the article posted on March 20, 2018, he stated that “an attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the devices physically or, in some scenarios, remotely.”
This form of cyber attack is known as a “supply chain attack” and contrary to general opinion, it does not require any malware, Rashid stated. He further stated that he has sent the source code to the French hardware company to reproduce and study the attack.
The company’s Chief Security Officer Charles Guillemet said the flaws were “serious but not critical” although he told The Independent that Saleem’s attack was just an “unfortunate publicity stunt.”
The company has since developed a fix for the flaw. However, this new discovery has raised questions about the security of the cryptocurrency industry.
Most people see cold storages like hardware wallets, like the Ledgers, and paper wallets as the safest ways to store one’s cryptocurrencies away from the prying eyes of hackers.