Teenager Hacks Crypto-Currency Wallet -- Security Today

Teenager Hacks Crypto-Currency Wallet

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

By Sydny Shepard
Mar 22, 2018

A 15-year-old has hacked into a crypto-currency wallet that is touted by its manufacturer as "tamper proof."

Saleem Rashid said in his blog, that he had written code that gave him a back door into the Ledger Nano S, a $100 device that has sold millions around the world. The code would allow a malicious attacker to drain the wallet of all of its funds, according to Rashid.

The firm announced it had issued a security fix for the issue.

The vulnerability is believe to also affect another model of the crypto-currency wallets, the Nano Blue, and a fix for that unit will not be available for "several weeks."

Crpyto-currencies, such as Bitcoin, use an encryption method known as a public key cryptography to protect funds. Users can spend the money stored only if they have access to the private key. These Ledger hardware wallets store those private keys and can be connected to a PC via a USB port.

The attack found by Rashid targets the device's micro-controllers, one of which stores the private key, while the other acts as its proxy to support display functions and the USB interface. The second is less secure and is not able to differentiate between genuine firmware and code written by an outsider.

Rashid found that for the attack method discovered, the hacker would need physical access to a wallet before it got into the hands of the victim. For instance, by buying one, altering it and then selling it online to the victim.

Rashid said in his blog he sent the code to Ledger several months ago and was not paid a bounty. He decided to publish his blog after Eric Larcheveque, Ledger's chief executive, made comments on Reddit, which, according to Rashid, "were fraught with technically inaccuracy."

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

LVT and Insight LPR Partner to Launch Mobile License Plate Recognition
02/27/2026
AWS Security Hub Adds Full Stack Partner Solutions
02/26/2026
Genetec Launches Cloudlink 2210 Appliance
02/26/2026
System Surveyor Launches Integration Marketplace
02/26/2026
Unapplied Patches Drive Majority of Open Source Breaches
02/20/2026
GEODIS Park Selects Allied Universal for Security and Event Services
02/19/2026
Alaska DOT Pilots AI-Driven Lighting to Boost Pedestrian Safety
02/19/2026
Hanwha Vision Launches ConfigPro Management Tool
02/18/2026

Featured

Full Details Released for SIA Education at ISC West

ISC West 2026 is coming up March 23–27 in Las Vegas, and the Security Industry Association (SIA) and ISC West have revealed full conference details. Read Now
- ISC West
2025 Gun Violence Statistics Show Signs of Progress

Omnilert, a national leader in AI-powered safety and emergency communications, has released its 2025 Gun Violence Statistics, along with a new interactive infographic examining national and school-related gun violence trends. In 2025, the U.S. recorded 38,762 gun-violence deaths, highlighting the continued importance of prevention, early detection, and coordinated response. Read Now
- Facility Security
Big Brand Tire & Service Rolls Out Interface Virtual Perimeter Guard

Interface Systems, a managed service provider delivering remote video monitoring, commercial security systems, business intelligence, and network services for multi-location enterprises, today announced that Big Brand Tire & Service, one of the nation’s fastest-growing independent tire and automotive service providers, has eliminated costly overnight break-ins and significantly reduced trespassing and vandalism at a high-risk location. The company achieved these results by deploying Interface Virtual Perimeter Guard, an AI-powered perimeter security solution designed to deter incidents before they occur. Read Now
- Artificial Intelligence
The Evolution of ID Card Printing: Customer Challenges and Solutions

The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now
- Access Control
TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now
- Airport Security

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.
EasyGate SPT SPD

Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.