Ledger to Expand Stablecoin Support

In addition to USDT and the DAI token from the MakerDAO project, Ledger will soon add support for other steblecoins
31 October 2018   528

The Ledger hardware wallet team will add support for new stablecoin, as well as integrate Tether (USDT) into all the company's products, reports CoinDesk.

Currently, the most popular stablecoin is supported by popular Nano S and Blue devices. However, soon the USDT token can be integrated into a cryptocurrency storage service aimed at institutional investors.

New Ledger operations manager in the Asia-Pacific region, Benjamin Soong, is confident that despite Tether’s extremely high recent volatility, this stablecoin remains popular.

One thing that is slightly unique in China and South Korea is the demand for USDT. Since both of those countries have capital controls, in terms of your ability to move currency out of the country.
 

Benjamin Soong

Operations manager in the Asia-Pacific region, Ledger

This, he said, is largely due to the control of the authorities over the movement of capital. The users from these countries liked the opportunities offered by the stablecoin, tied to the US dollar. He also noted that about 30% of the proceeds from sales of Ledger devices come from Asian markets.

In addition to USDT and the DAI token from the MakerDAO project, Ledger will soon add support for other steblecoins. As part of the plan for the development of custodial direction, by the end of the year the company plans to add support for about a hundred different coins.

Ledger to Comment on Vulnerability Found

Don’t worry, your crypto assets are still secure on your Ledger device, - reported by the team
28 December 2018   296

The manufacturer of popular hardware wallets for storing cryptocurrency Ledger responded to the presentation of the team wallet.fail, which announced the identification of several vectors of attacks on its devices.

In particular they did not succeed to extract any seed nor PIN on a stolen device. Every sensitive assets stored on the Secure Element remain secure. Don’t worry, your crypto assets are still secure on your Ledger device.
 

Ledger Team

In particular, the physical modification of the Ledger Nano S wallet followed by the installation of malware on the victim’s computer and the possibility of signing transactions after entering the PIN code are called “impractical”.

It would prove quite unpractical, and a motivated hacker would definitely use more efficient tricks (such as installing a camera to spy on the PIN entry).
 

Ledger Team

According to the company, obtaining physical access to the device and installing malware on the victim's computer is too complicated and requires the hacker to wait for the user to initiate the transaction, so it is unlikely that anyone will undertake its implementation. At the same time, they do not deny that this is possible.

Another scenario, where the researchers installed their own firmware on a microprocessor, really allows you to put the device into debug mode, said Ledger, adding that the capabilities of the alleged attacker are likely to be limited. “They said they had identified a way to bypass the microprocessor check, but they didn’t show how the bug was used.”

Similarly, developers are commenting on how to extract a PIN from a Ledger Blue device using a “controlled machine learning” attack.

This attack is definitely interesting, but does not allow to guess someone’s PIN in real conditions (it requires that you never move your device at all).

For such a scenario, we already implemented a randomized keyboard for the PIN on the Ledger Nano S, and the same improvement is scheduled in the next Ledger Blue Firmware update.

Once again, a better side channel would be to put a camera in the room and record the user entering his/her PIN.
 

Ledger Team

Ledger also criticized the wallet.fail team for deciding to publicly demonstrate the vulnerabilities of their devices at the conference, rather than resorting to the bug trapping program provided for such cases. "We believe that their conclusions do not indicate the presence of any vulnerabilities that can be used in practice," the company adds.