Cybersecurity of Wallet.fail found a number of vulnerabilities in hardware cryptocurrency wallets best wallet and Ledger. As a result, they managed to conduct a series of successful attacks on purses during the Chaos Communication Congress in Leipzig.
Experts said that the vulnerabilities lie in hardware and software, firmware, architecture and the web interface.
During a demonstration attacks to the team Wallet.fail managed to extract the PIN code and the mnemonic core of RAM best wallet, remotely to sign the transaction and hack loader Ledger Nano S, and to intercept the PIN-code Blue Ledger.
“The study of wallets in the broad context showed the presence of symmetrical and recurring problems,” — said on the website Wallet.fail.
The researchers noted that to get rid of some vulnerabilities with firmware update or replacement of microcontrollers.