Is Ledger still safe?
In the world of cryptocurrencies, security is of crucial importance. Many users are wondering whether Ledger, one of the leading providers of hardware wallets, is still secure, as there have been various incidents in the past. In this article, we look at the current security concerns and explain how Ledger is responding to them.
Is Ledger still safe in 2024? Previous security incidents
2018: Receiving address manipulation
Ledger issued a warning about a possible man-in-the-middle attack in 2018. A proof-of-concept attack was discovered in which a malware manipulates Ledger’s Chrome application to change the displayed receiving address. However, Ledger emphasizes that users are safe as long as they verify the new receiving address on their Ledger device. Nobody lost money as a result, as this was only a concept attack.
Ledger has responded by updating the Chrome application to prompt users to verify the receiving address on the Ledger device. Meanwhile, the Chrome extension no longer exists and in Ledger Live new addresses must always be checked on the device.
2020: Customer data compromised
In July 2020, a Ledger database containing e-commerce data was compromised. Around 272,000 detailed customer details such as postal addresses, names and telephone numbers were leaked. Ledger responded by hiring an external security company and updating the affected databases. Despite the leak, the CEO emphasized that no cryptocurrencies or wallets are affected and that the security of hardware wallets remains untouched.
Ledger has continued to take measures to improve data security and protect affected customers from phishing attacks.
The data is still being used for phishing attacks by e-mail and SMS.
2023: Ledger Connect Kit Hack
In December 2023, the Ledger Connect Kit library was infiltrated by hackers. This vulnerability allowed attackers to inject malicious code into DApps that used the Ledger Connect Kit. This caused users to sign transactions that emptied their wallets. Ledger reacted quickly by removing the malicious code and updating the affected versions. The vulnerability was fixed within about five hours of its discovery.
2023: Ledger Recover Problem
Ledger Recover is a paid, optional subscription service from Ledger that allows users to recover access to their crypto wallet if they have lost the recovery phrase (seed phrase).
“Ledger Recover” has been criticized since its announcement because it undermines the basic principles of hardware wallet security. Here are the main points of criticism:
- Security risks: By transferring fragments of the private key (seed phrase) to cloud services, there is a risk that this data could be intercepted by hackers.
- Trust issues: Users must blindly trust Ledger to handle their data securely because the code is not completely open source.
- Communication problems: The introduction of Ledger Recover was criticized as poorly communicated, leading to confusion and concerns.
- Violation of the principles: The crypto community argues that the seed phrase should never leave the device to ensure the highest standard of security.
Due to this criticism, Ledger has postponed the launch of Ledger Recover for the time being and plans to make the code base completely open source to ensure transparency and trust.
Measures to improve safety
Ledger has taken several measures to improve the security of its wallets:
- Regular firmware updates: Ledger continuously carries out updates to counter new threats.
- PIN codes and recovery phrases: These functions significantly increase security by adding additional layers of protection.
- Isolated hardware: The private keys are stored offline, which makes them less susceptible to hacker attacks.
Conclusion whether Ledger is still safe in the year 2024
Although there have been security problems in the past, Ledger has reacted quickly and taken measures to improve the security of its wallets. With regular updates and additional security features, Ledger remains a reliable choice for the secure storage of cryptocurrencies.
Keine Kommentare vorhanden