Ledger wallet vulnerability instigates wider discussion about computer security

Leo Zhang

By Leo Zhang

So-called "hardware wallets" store private key material on dedicated flash devices, held offline. One of the leading hardware wallet makers is embroiled in a debate with customers: they want OEMs to provide comprehensive security, but may not be able to secure their own home or office computing environment, leaving a critical gap and no one to blame.

Look for the "Subscribe" link on our site to receive curated news, delivered daily or weekly to your inbox.

News

Top 10 points made by the SEC and CFTC congress testimony on cryptocurrencies
(Hackernoon, by Howard Marks)

"The new Cyber Unit in the Division of Enforcement is going to be more aggressive with enforcement actions against those who violate the law."

Coinbase product update - Feb 5, 2018
(Medium, by Zach Abrams)

"Last week, some customers using credit cards started to see an additional 'cash advance' charge on their card statement. This was the result of the MCC code for digital currency purchases being changed by a number of the major credit card networks."

Commentary

As crypto winter continues, it's survival of the fittest among Bitcoin miners
(Bitcoinist, by Adam James)

"A Chinese miner running a top-of-the-line Bitmain Technologies Ltd.’s Antminer S9 at 13.5 TH/s, for example, would be pulling in roughly $80 a week in profits – assuming Bitcoin remained at its 50-day moving average of $13,200. Unfortunately, it did not. Instead, it has fallen to levels nearly half that price."

One man's fight against the lions of Japanese investing
(Bloomberg, by Tom Redmond, Yuko Takeo, and Nao Sano)

"Not even the world’s most intractable demographic predicament has stopped Japanese people from sliding slowly toward financial hardship, frozen into inaction by their own cautiousness."

Technical

All Ledger wallets have a bug that lets you steal cryptocurrency
(TNW, by Mix)

"What is even worse is that – due to Ledger’s design which requires new addresses be generated consistently – users have no viable options to 'verify the integrity of the receive address.' This could dupe users into thinking the displayed receiving address is indeed authentic, while this might not at all be the case."

42% of the popular websites are vulnerable to cyberattacks
(Techrepublic, by Alison DeNisco Rayome)

"Cybercriminals have exploited long-held measures of trust, including the reputation or category of certain websites, to avoid detection and increase the effectiveness of their attacks."

Update

Sia publishes January Community Update. Sia

Decred publishes a snapshot of the public development activities in January. Twitter