A current report contends that Ledger Application has unsuccessful to resolve a significant vulnerability that will allow for a “Bitcoin Fork” attack.
Mo Nokhbeh statements Ledger’s wallet fails to thoroughly isolate the applications accountable for authorizing the transactions of different property. This makes a vulnerability the place a user’s wallet can be fooled into authorizing a transaction for a a lot less worthwhile asset, like Litecoin (LTC), Bitcoin Income (BCH) or any other Bitcoin fork coin, where by in fact, a Bitcoin (BTC) transaction is staying introduced. Nokhbeh explained to Cointelegraph:
“This application should really be isolated this sort of that it only indications for testnet derivation paths. Having said that, sending it a typical mainnet bitcoin transaction will move. In addition, it will current the TX as if it can be testnet bitcoin, to a testnet bitcoin address.”
According to Nokhbeh, he made Ledger entirely aware of this vulnerability and despite acknowledging it, the company has failed to take care of it. Alternatively they have chosen to release an update to their current application which will offer customers with a warning prompt if such an exploit is detected.
We have reached out to Ledger for remark and will update pending a reaction.