A recent report reveals that Ledger has not fixed a serious vulnerability in its application that permits a “Bitcoin Fork” attack.
Mo Nokhbeh claims Ledger’s wallet fails to properly isolate the apps responsible for authorizing transactions of different assets. This creates a vulnerability where a user’s wallet can be fooled into authorizing a transaction for a less valuable asset, such as Litecoin [LTC], Bitcoin Cash [BCH] or another Bitcoin fork coin, when in fact a Bitcoin [BTC] transaction is being released. Nokhbeh added:
“This app should be isolated such that it only signs for testnet derivation paths. However, forwarding it a regular mainnet bitcoin transaction will pass. Additionally, it’ll present the TX as if it’s testnet bitcoin, to a testnet bitcoin address.”
According to Nokhbeh, he made Ledger fully aware of this vulnerability and, despite acknowledging it, the company has failed to fix it. Instead, it has chosen to release a new update to its existing app that shows users a warning prompt if such an exploit is detected.
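The isolation Nokhbeh describes, where each coin app signs only for its own derivation paths, can be sketched as a path check. This is an added example, not Ledger's code: it assumes BIP32 path notation and the SLIP-0044 coin types for the assets named above, and the function names and `ALLOWED_PURPOSES` policy are hypothetical.

```python
# Added example: per-app derivation-path isolation (not Ledger's code).
HARDENED = 0x80000000

# SLIP-0044 registered coin types for the assets named in the article.
COIN_TYPES = {"bitcoin": 0, "bitcoin_testnet": 1, "litecoin": 2, "bitcoin_cash": 145}

# Hypothetical policy: accept only the BIP44/49/84 purpose levels.
ALLOWED_PURPOSES = {44, 49, 84}


def parse_path(path):
    """Parse "m/44'/1'/0'/0/5" into a list of 32-bit BIP32 indexes."""
    parts = path.split("/")
    if parts[0] != "m" or len(parts) < 2:
        raise ValueError("path must start with m/")
    out = []
    for p in parts[1:]:
        hardened = p.endswith(("'", "h"))
        digits = p[:-1] if hardened else p
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError(f"bad path element: {p!r}")
        n = int(digits)
        if n >= HARDENED:
            raise ValueError("index out of range")
        out.append(n | HARDENED if hardened else n)
    return out


def app_may_sign(app, path):
    """Return True only if `path` belongs to the coin that `app` is for."""
    try:
        idx = parse_path(path)
    except ValueError:
        return False
    if len(idx) < 2:
        return False
    purpose, coin = idx[0], idx[1]
    # Purpose and coin levels must both be hardened.
    if not (purpose & HARDENED and coin & HARDENED):
        return False
    return ((purpose ^ HARDENED) in ALLOWED_PURPOSES
            and (coin ^ HARDENED) == COIN_TYPES.get(app))


if __name__ == "__main__":
    # Constructed sample requests: (app asked to sign, path in the request).
    for app, path in [("bitcoin_testnet", "m/44'/1'/0'/0/5"),
                      ("bitcoin_testnet", "m/44'/0'/0'/0/5"),
                      ("litecoin", "m/84'/0'/0'/0/0")]:
        print(app, path, "ALLOW" if app_may_sign(app, path) else "REFUSE")
```

The second and third requests carry a mainnet Bitcoin path (coin type 0) to a different coin's app and are refused, which is the behaviour the quoted report says the testnet app lacked.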