Teenage British hacker exposes major flaw in best-selling cryptocurrency wallet

Joe Sommerlad

Updated 23 March 2018 at 10:39 am

Bitcoin Cash feud deepens as famous @Bitcoin Twitter account mysteriously disappears

A teenage British hacker has exposed a vulnerability in one of the world's best-selling cryptocurrency wallets.

Saleem Rashid, 15, broke into Nano S and Nano Blue devices from French hardware company Ledger after discovering a flaw that enabled him to access the products' keys and thereby gain control of the coins within.

Like passports and identity cards, Ledger's Nanos contain "secure element" chips that store payment information but which have to be connected to a micro-controller to be viewed on screen.

:: Follow the latest cryptocurrency developments on our live blog

Rashid discovered that, by manipulating the micro-controller through the installation of his own version of the firmware that runs the Nano S, he could access its contents.

The discovery, known as a "supply chain attack", means that any Nano bought from a third party seller, for instance on eBay or Amazon, could potentially be tampered with and rendered vulnerable to theft, according to Quartz.

Rashid described the process as "trivial" in a subsequent blog post, leading Ledger's CEO Eric Larcheveque to accuse him of carrying out an "unfortunate publicity stunt".

The company's chief security officer Charles Guillemet said the crack Rashid had discovered was "serious but not critical" and that a security update for the Nano S was now available with a fix for the Blue to follow within weeks.

The discovery raises fresh concerns about the safety of the cryptocurrency sector, which has been routinely criticised as an unregulated Wild West since its inception in 2009.

While market leader bitcoin prides itself on the security of its blockchain - the public ledger that records all transactions - other aspects of this emerging industry like wallets and exchanges are less watertight.

An attempted raid on the Chinese digicoin marketplace Binance earlier this month provided one example of the crypto sector's vulnerability, the US Federal Trade Commission's lawsuit against a group of pyramid scammers another.

Twitter, Google and Facebook have all banned cryptocurrency promotions since the turn of the year in a bid to protect consumers while the UK's Chancellor Philip Hammond yesterday announced the formation of a new task force to serve British interests.

Bristol Live
Brits say 'UK is finished' after spotting how much egg and cress M&S sandwich costs
Many shoppers have been left outraged after spotting M&S charging 'ridiculous amount' for a sandwich
17 hours ago
Nottinghamshire Live
ITV Tipping Point winner told she can't go on £2.5k holiday won on ITV show
Maxine Longmuir, 69, was thrilled when she won a £2,500 holiday to Portugal on the ITV quiz show, but claims she was left devastated when she was told she was unable to rebook it
20 hours ago
Daily Record
David Jason and Nicholas Lyndhurst's 'feud' - from on-set row to vow never to work together
David Jason and Nicholas Lyndhurst will forever be remembered for their roles as Del Boy and Rodney Trotter in Only Fools and Horses, but the pair's relationship off-screen has been far from perfect.
18 hours ago
Cosmo
If you like doggy, you’ve got to try the Prone Bone sex position – here’s how to master it
An expert guide to the Prone Bone sex position, including what it is, how to do it, and the benefits
2 days ago
Wales Online
The bin collectors opened people's black bags in Swansea and couldn't believe what they found inside
The residents in question have been contacted
2 days ago
The Independent
Remains of woman and daughter not seen for 24 years found in house of suspected killer on day he dies
Larry Webb confessed on his deathbed to shooting and killing Susan Carter and her daughter Natasha ‘Alex’ Carter over financial troubles
11 hours ago
Daily Record
Queen's favourite £10 takeaway she'd send footman to collect when she was at Balmoral
The Queen might have dined on some of the finest food in the world - but she was still partial to the occasional takeaway, and would send a footman to collect it
2 days ago
The Telegraph
Dine-and-dash family ‘visited by police’
Police have visited a family at the centre of a dine-and-dash scandal, a restaurant owner allegedly targeted in the string of incidents has claimed.
a day ago
Gloucestershire Live
Dr Michael Mosley says a teaspoon of 'nutritional powerhouse' food can reduce blood pressure and improve skin
They contain a triple whammy of alpha linolenic acid, fibre and lignans which help protect against heart disease, high blood pressure and high cholesterol
2 hours ago
Liverpool Echo
A Place in the Sun buyers dealt devastating blow before credits roll
A Place in the Sun host Craig Rowe said he was "hugely disappointed"
2 days ago
Daily Record
Prince Harry 'in tears' as he was 'furious' over King's 'cruel' Frogmore Cottage eviction
Prince Harry was left upset by his father's decision to evict him and Meghan from Frogmore Cottage as they were under the impression that the property would always be available to them, according to a royal expert.
13 hours ago
Hello!
Prince Louis' sixth birthday photo has got royal fans all saying the same thing
The Prince and Princess of Wales released a new portrait of their youngest son, Prince Louis, pictured outside in Windsor, on his actual birthday on 23 April
3 hours ago
Oxford Mail
DVLA alert to millions of drivers over new tax, MOT & driving licence process
It is illegal in the UK to get behind the wheel of vehicle without a valid photocard licence
a day ago
Yorkshire Live
Woman living in bus shelter with cupboards, chairs, carpet and Super Mario Bros-themed curtains
Destinty has been living in a bus shelter with her boyfriend and mum for seven months
17 hours ago
Manchester Evening News
I saw Marcus Rashford do something unbelievable for Manchester United - what was he doing?
Man United winger Marcus Rashford received was jeered off the pitch by supporters during the FA Cup semi-final victory over Coventry City
16 hours ago
Liverpool Echo
Bradley Walsh makes huge prize money blunder on The Chase
Bradley welcomed four new players to the ITV studio for Monday's The Chase
2 days ago
Bristol Live
Sausage dog ripped off mum's cheek and ate it in front of her
Kelly Allen, 45, cannot face returning to her work and the £350 statutory sick pay she is receiving each month is not enough to cover her bills
a day ago
Hello!
Royal fans left disappointed as Prince William and Princess Kate break with tradition on eve of Prince Louis' birthday
Here's how Prince William and Princess Kate strayed from established tradition on the eve of Prince Louis' 6th birthday
22 hours ago
People
Kourtney Kardashian's Sexy Bikini Photo from Her 45th Birthday Leaves Husband Travis Barker Melting
Kardashian enjoyed a vacation in paradise with her husband and four kids in honor of "45 trips around the sun"
14 hours ago
Swindon Advertiser
Shock as rare snake spotted near Swindon neighbourhood
Despite being relatively rare in the area, a wild snake has been spotted near a Swindon suburb.
5 hours ago

Latest stories