Yesterday, the Kraken security team brought to light a vulnerability that affects Ledger Nano products of the X series only.
Ledger publicly thanked the exchange and immediately intervened to correct the error.
Thank you @krakenfx for the great report. Users' security is our top priority. Rest assured that #crypto on your #Ledger Nano X remain secure. Its security relies on the Secure Element – not the MCU chip. We patched this with the latest firmware update: https: //t.co/z6skQbQE0J
– Ledger (@Ledger) July 8, 2020
We reiterate that only series X was affected by this vulnerability and not S.
The security of hardware wallets
Most of the people involved with blockchain and the world of cryptocurrencies often hear that they need to use secure wallets to store their assets, preferably a hardware wallet and the brand that is often recommended is Ledger.
A hardware wallet allows only the owner to sign transactions without the private keys being exposed to third parties, which means that no one can steal them.
The surprise came when the Kraken team discovered that some models of the Ledger Nano X had been altered even before they reached the end user.
How does the vulnerability occur?
Thanks to the debugging mode, it was possible to update the original firmware of the product by inserting a malicious one, obviously intended to steal the cryptocurrencies from the unsuspecting user.
The vulnerability was possible because retailers would have modified the firmware of these products before selling them.
So, we are talking about unofficial channels where generally the price of these devices is lower and the user, thinking of saving money, rushes to buy the device.
This vulnerability was discovered several months ago by Kraken and Ledger was immediately informed to correct the leak and prevent access to private keys.
The advice, in any case, is that you never buy used Ledger devices through unofficial channels to avoid this type of problem. It is best to visit the official website of the product.