The hack highlights the possible perils of buying cryptocurrency hardware from untrusted sources.
(CCM) — A hardware wallet designed to store cryptocurrency securely has been hacked by a teenager, putting owners' Bitcoins at risk of being stolen, according to a BBC report.
Saleem Rashid has written a piece of software which replaces part of the built-in firmware in the Ledger Nano S, a security device which costs $100 and has been sold in the millions around the world to cryptocurrency users.
The software would only be useful to someone who could get a Ledger Nano S device and then sell it on to an unsuspecting buyer, Craig Young, a researcher at security firm Tripwire, explained in the report. "Anyone with physical access could modify the Ledger hardware wallet to gain access to funds. In effect, this would mean that someone selling this hardware wallet would be able to steal funds from their customers."
Ledger has issued a security fix which prevents Rashid's software being used on any device to which the security fix is applied. But it is believed that another of the company's products called the Nano Blue is also vulnerable to the same attack, and a fix will not be made available for "several weeks," the report says.
The BBC report added that a separate flaw in the wallet hardware made it susceptible to malware which could trick users into sending their cryptocurrency to hackers unknowingly.
Image: © Julia Tsokur - Shutterstock.com