Ledger Wallet Vulnerability Affects Users

Ledger confirmed that its hardware wallet vendors were under attack and recommended users to verify their receive addresses on their devices' screens
05 February 2018   1607

According to the report published on DocDroid on February 3, 2018, the vulnerability that affected all the hardware devices was discovered in Ledger Wallet. The issue might lead to users losing their funds.

The malware can reportedly replace the code responsible for generating the receive address with its own address, causing all future deposits to be sent to the attacker. Moreover, it is ompossible for the user of the wallet to verify the integrity of the receive address. The users of the wallet were recommended to always verify their receive address on the device's screen by clicking the "monitor button".

Ledger Team to Find Issue in New Nano S Software

Last update's security improvements have affected the amount of device memory
15 February 2019   150

Ledger hardware wallet developers stated that an unforeseen problem was found in software version 1.5.5 for the Nano S model. Improvements in the security context have affected the amount of device memory.

When planning for this update we didn’t anticipate the impact it would have on Ledger Nano S capacity. This was not planned obsolescence, simply put, we messed up. We apologize and we’re committed to making it right.

Ledger Team

The project team apologized for the incident and promised to fix the problem during the second quarter of 2019.

The project also announced the addition of Nano S support in the Ledger Live mobile app on Android.

Earlier, researchers at Wallet.fail discovered a number of vulnerabilities in the Trezor and Ledger hardware cryptocurrency wallets. As a result, they were able to conduct a series of successful attacks on wallets during the Chaos Communication Congress in Leipzig.