It’s been just revealed that the crypto exchange Kraken warned users of a security risk that’s linked to the Ledger Nano X hardware wallets that affect products that have been tampered with during shipment or bought from malicious resellers.
The online publication the Daily Hodl reminds readers that the Nano X, which was released back in 2019 allows users to store their Bitcoin and crypto.
It’s also important to note the fact that this is Ledger’s only rechargeable wallet that can connect to the Ledger Live Mobile app via Bluetooth.
Kraken addresses the issue
Kraken’s cybersecurity division stated that the supply chain attacks are offering malicious actors access to computers that are connected to the wallet and allow them to install malware that could lead to theft of funds.
“The firmware of the non-secure processor is modified using a debugging protocol to act as an input device, like a keyboard, that can then send malicious keystrokes to the user’s host computer…” according to the notes.
The official notes continue and reveal that “Alternatively, the infected Nano X could have executed malware on the victim’s machine. Neither the Ledger Nano X device nor the Ledger Live software application display indication of tampering and identify the device as genuine.”
After the discovery of this security risk, Ledger rolled out firmware version 1.2.4-2 to fix the vulnerability in Nano X wallets.
They also told users that the issue is a physical one, and it doesn’t concern attacks that can be done in a remote way, and they also made sure to highlight the fact that the Ledger Nano S was not affected.
“Even if you’d be using the previous firmware version (1.2.4-1), they’d still not have access to any critical data like your recovery phrase, private keys, PIN, apps, and other sensitive data,” the notes say.
They also said that it’s very unlikely that this attack is performed successfully.
We recommend that you head over to the original article and check out the Ledger CTO Charles Guillemet’s response to the report from Kraken.