Over the past months, there have been questions over the security of Ledger wallet. And reports on the vulnerability of the popular wallet that could result in stealing of users’ funds, are common in the past.
Trader Loses 100,000 in ERC-20 Tokens to Hackers
A crypto trader identified on Twitter as Stacking, took to the social platform to report the loss of 100,000 ERC-20 tokens to hackers, due to the vulnerability of Ledger wallet.
According to the user, he initiated a reset of account just a week ago, which implies that his recovery phrases were safe with him before the attack. What is now baffling is how his crypto stash vanished from his wallet.
Stacking tweeted, “Someone hacked into my #Ledger and stole over 100k in ERC-20 tokens… My ledger is in a safe, and I reset it last week – so no one knows the recovery phrases. WTF. This happened approximately 3 hours ago. What the actual fnck Ledger.”
Reacting to the report of the huge loss, a crypto information channel on Twitter, Galgitron wrote:
“I’ve been warning about Ledger for years. Whether this specific event is actually ledger’s fault or not, it’s the Rube Goldberg process they’ve created for self-custody that has introduced countless attack vectors.”
Vulnerability Discovered In Ledger Wallet
As reported by Cointelegraph a couple of days ago, a new vulnerability that could be disastrous if not properly fixed was discovered in Ledger wallet. According to the report, the vulnerability in question could give room for a Bitcoin Fork attack.
A Liquality developer, Mo Nokhbeh, claimed that Ledger’s wallet fails to properly isolate the apps responsible for authorizing the transactions of different assets, which could get a user fooled into authorizing a transaction for a less valuable asset.
“This app should be isolated such that it only signs for testnet derivation paths. However, sending it a regular mainnet bitcoin transaction will pass. In addition, it will present the TX as if it’s testnet bitcoin, to a testnet bitcoin address,” Nokhbeh noted.
Going by Mo Nokhbeh’s account, he informed Ledger about this vulnerability but has failed to fix the issue despite acknowledging it.
Join us on Twitter
Join us on Telegram
Join us on Facebook