Wallet Vulnerability May Cause Catastrophe

David Kemp

Discovering vulnerabilities in software products and systems is one of the most essential parts of development, and all developers should pay attention to it. Creators cannot always foresee what faults and flaws their newly launched products may contain. Unfortunately, even the most prominent corporations launch software that proves to have vulnerabilities.

Crypto owners expect to have the most secure and safest wallets the modern crypto community can provide. The public trusts professionals’ opinions and, after having done their own thorough research and analysis, people decide on a certain platform or brand. They pin their hopes on companies whose names are well known, and yet this does not guarantee that customers will never face any problems with the assets, wallets, and systems they employ on a daily basis.

Vulnerabilities can and must be patched. The most important thing here is to detect them in due time and fix everything before it’s too late. Specialists fully understand that if there are vulnerabilities in the e-wallets people use, there may be many victims who lose their funds, simply because cyber criminals and hackers who are well aware of the issue and its nuances may try to steal the assets belonging to thousands of people. Ledger is far from being the perfect tool and it can also sometimes fail to fix major vulnerabilities that allow for the so-called ‘Bitcoin Fork’ attack.

This is what the crypto community is now discussing since what has recently become known to the crypto space has shocked all participants. According to the latest reports, the application didn’t manage to restore the system and fix the error that can easily lead to an attack. Experts say that Ledger’s wallet cannot properly isolate the application that is responsible for authorizing various transactions related to different assets.

This issue creates a vulnerability: as a result, the person’s wallet can be fooled and the system will then authorize an operation for an asset that has a lower value, for example, BCH or LTC. This applies to other Bitcoin fork coins as well. However, a BTC transaction is what the owner might have sent his request for.

Updating the App

All developers admit that this application should be isolated. And they need to do this in a way that allows the system to sign for testnet derivation paths. On the other hand, if we send it a regular mainnet BTC transaction, it is likely to pass. More than that, it will present the TX and we will see it as if it is testnet BTC, to a testnet BTC address. Many researchers say that they are already aware of this issue.

Even though developers know this too, the brand hasn’t managed to fix it yet. Instead of continuing to try to fix the issue, the team has chosen to release a special update and add it to the existing application. This, as they claim, will provide customers with a warning notice if the system detects this kind of exploit.
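
The isolation and the warning described above both come down to checking a signing request's derivation path against the coin the open app serves. The sketch below is an added example, not Ledger's code: the function names, the app labels and the strict/warn policy are assumptions, while the coin-type numbers are the registered SLIP-44 values.

```python
# Added illustration, not Ledger's firmware code. Coin types are the
# registered SLIP-44 values; app labels and policy names are assumptions.
HARDENED = 0x80000000
SLIP44 = {"BTC": 0, "TESTNET": 1, "LTC": 2, "BCH": 145}
ALLOWED_PURPOSES = {44, 49, 84}  # BIP44 / BIP49 / BIP84


def parse_path(path):
    """Parse "m/44'/1'/0'/0/5" into a list of 32-bit BIP32 indexes."""
    parts = path.split("/")
    if parts[0] != "m" or len(parts) < 2:
        raise ValueError("path must start with m/")
    indexes = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h"))
        digits = part[:-1] if hardened else part
        if not digits.isdigit() or int(digits) >= HARDENED:
            raise ValueError("bad path component: %r" % part)
        indexes.append(int(digits) | (HARDENED if hardened else 0))
    return indexes


def check_signing_request(app, path, strict=True):
    """Decide whether `app` may sign with the key at `path`.

    Returns "allow" when the path sits in the app's own coin subtree.
    A path in another coin's subtree (e.g. mainnet BTC keys requested
    through the testnet app) gives "reject" when strict, or "warn" to
    model an update that only shows the user a notice.
    """
    try:
        idx = parse_path(path)
    except ValueError:
        return "reject"
    if len(idx) < 3:
        return "reject"
    purpose, coin, account = idx[:3]
    # Purpose, coin type and account must all be hardened levels.
    if not all(i & HARDENED for i in (purpose, coin, account)):
        return "reject"
    if (purpose ^ HARDENED) not in ALLOWED_PURPOSES:
        return "reject"
    if (coin ^ HARDENED) != SLIP44[app]:
        return "reject" if strict else "warn"
    return "allow"
```

With strict=False the mismatch is only flagged, so the outcome still depends on the user reading and acting on the notice.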