CoinInsight360.com logo CoinInsight360.com logo
A company that is changing the way the world mines bitcoin

WallStreet Forex Robot 3.0
CoinTelegraph 2025-03-13 04:10:11

Hardware wallet Ledger helps competitor Trezor resolve security vulnerability

Hardware wallet provider Trezor has patched up a security flaw in two of its latest models after competitor firm Ledger’s open-source research arm discovered a vulnerability in their microcontrollers. Ledger Donjon acknowledged Trezor has made several security advancements of late but found cryptographic operations could still be performed on the microcontroller of Trezor’s Safe 3 and 5 models, which could make them “vulnerable to more advanced attacks.” Fortunately, Trezor has since addressed the vulnerabilities found, Ledger’s chief technology officer Charles Guillemet said in a March 12 X post. “We believe that making the ecosystem more secure helps everyone, and is critical as we push towards broader adoption of crypto and digital assets,” Guillemet added. Source: Charles Guillemet Trezor had already implemented “Secure Elements” — chips designed to protect the user's PIN code and cryptographic secrets — as some of Trezor’s devices could be tampered with by modifying the software running on it, potentially allowing threat actors to steal user funds. The Secure Elements feature “effectively thwarts any inexpensive hardware attack, in particular voltage glitching,” Ledger said in a March 12 post. “[This] gives users confidence that their funds are safe even if their device gets misplaced or stolen.” However, Ledger found another potential attack vector stemmed from the microcontroller, the other main part of Trezor’s two-chip design for its Safe 3 and 5 models. Trezor implemented a firmware integrity check to detect modified software, but Ledger was able to demonstrate that an attacker could still bypass this security check. This issue has since been resolved by Trezor — though neither Ledger nor Trezor have explained how. Cointelegraph reached out to Trezor but didn’t receive an immediate response. Trezor’s microcontroller in the Trezor Safe 3 model. Source: Ledger Trezor confirmed on X that user funds remain safe and that no action is required. Related: ‘Dark Skippy’ method can steal Bitcoin hardware wallet keys However, when asked whether Trezor was able to patch this issue via firmware, the hardware wallet provider responded: “Unfortunately not.” “In cybersecurity, the golden rule is simple: nothing is fully unbreakable. That’s why we have already implemented a multi-layer defense against supply chain attacks and always advise our users to purchase from official sources.” Ledger isn’t immune to security vulnerabilities either. In December 2023, a hacker committed a security breach into Ledger’s connector library and stole $484,000 worth of crypto assets. Another threat actor who breached Ledger’s systems published the mailing addresses of around 270,000 Ledger customers in June 2020. Magazine: Crypto fans are obsessed with longevity and biohacking: Here’s why

Lesen Sie den Haftungsausschluss : Alle hierin bereitgestellten Inhalte unserer Website, Hyperlinks, zugehörige Anwendungen, Foren, Blogs, Social-Media-Konten und andere Plattformen („Website“) dienen ausschließlich Ihrer allgemeinen Information und werden aus Quellen Dritter bezogen. Wir geben keinerlei Garantien in Bezug auf unseren Inhalt, einschließlich, aber nicht beschränkt auf Genauigkeit und Aktualität. Kein Teil der Inhalte, die wir zur Verfügung stellen, stellt Finanzberatung, Rechtsberatung oder eine andere Form der Beratung dar, die für Ihr spezifisches Vertrauen zu irgendeinem Zweck bestimmt ist. Die Verwendung oder das Vertrauen in unsere Inhalte erfolgt ausschließlich auf eigenes Risiko und Ermessen. Sie sollten Ihre eigenen Untersuchungen durchführen, unsere Inhalte prüfen, analysieren und überprüfen, bevor Sie sich darauf verlassen. Der Handel ist eine sehr riskante Aktivität, die zu erheblichen Verlusten führen kann. Konsultieren Sie daher Ihren Finanzberater, bevor Sie eine Entscheidung treffen. Kein Inhalt unserer Website ist als Aufforderung oder Angebot zu verstehen