A critical bug has been found in the Ledger hardware wallets, causing users to risk losing all Bitcoin. The bug has been solved with the last 1.5.5 firmware update, but many have not yet updated their hardware wallet. Ledger barely communicated the critical bug. Many people therefore assumed that the firmware update was relatively unimportant. Now, however, it turns out that it is a very serious bug. Users of Ledger hardware wallets who have not implemented the update risk their entire portfolio.
Update your @Ledger hardware wallet ASAP if you haven’t already! Last month Ledger released v1.5.5, stating that it contained a “critical security fix on the Bitcoin app” ( https://t.co/oPpaANNUZJ ). I wondered how serious it was, and today I found out the answer…😮
— Ruben Somsen ⚡️🇳🅾️2️⃣❎ (@SomsenRuben) 27 februari 2019
Update of greater importance than expected
Many people therefore think that the update is not strictly necessary and that it can wait. In addition, the 1.5.5 firmware has the disadvantage that it takes up more space. As a result, there is less space available on the device to install crypto-apps. Many people report that after the firmware update they can only install two different cryptocurrency apps on their Ledger wallet. There is therefore an unspoken consensus among many people to wait for the next firmware update. Now that details of the bug have been published, it appears that the bug is very serious. Users who fail to update are at great risk. This mainly applies to people who follow the news less because of the continuing bear market. They run the risk of having missed the news about the update.
How does the bug work?
The bug can be exploited when a user is confronted with a payment screen that tries to exploit it. The payment simply takes place but during the same transaction the other funds are removed from the wallet. This is possible because of the way bitcoin transactions work on the blockchain. At Bitcoin there are actually no addresses as we normally know them. There is only a history of transactions that are linked together. An outgoing Bitcoin payment (output) therefore consists of a combination of previous incoming transactions (inputs). Because the outgoing amount usually does not exactly match with previous received payments, there is usually a bit of ‘change’ left.
That sends the blockchain back to the wallet of the user. That happens in the background and you normally do not notice that. However, this mechanism can be misused by the bug. Due to the bug all incoming payments can be used to create the outgoing payment. The full funds are therefore used for this. The change is then not returned to the user but secretly to the wallet of a hacker. In this way the entire wallet is robbed, minus the outgoing amount for the payment.
Fortunately, the bug in the Ledger Bitcoin wallet can be solved by installing the latest Ledger firmware via the associated software. Possibly there is also the option to only update the Bitcoin app on the Ledger. To make sure it is safe, we recommend keeping the Ledger and all apps fully up to date. Make no transactions at all without first running the update. Have you already installed the Bitcoin app on the device in the last few months? Then you probably already have the update. If your wallet has been stored away for a while then it is important to carry out the update at the next use.
Ledger barely communicated the critical bug. In the announcement of the 1.5.5 firmware update the bug was mentioned briefly but not explained. Many people lacked awareness about the risks. Now that details about the bugs are circulating on the internet, it gradually becomes clear how big the risks of not updating are. Responses from the Ledger team seem mild. According to them, the announcement of the 1.5.5 firmware was fine to inform everyone. The pr department of the hardware wallet manufacturer often holds a stiff posture.
Ledger is a French manufacturer of cryptocurrency hardware wallets. Already in 2014 they released their first model, the Ledger Nano. In 2017 Ledger managed to become market leader with the Ledger Nano S because of the low price and the large variety of cryptocurrency that is supported. Hardware wallets are praised by most crypto enthusiasts and recommended to keep cryptocurrency safe from hackers. Read more about hardware wallets and safe storage of cryptocurrency.