Teenager Hacks Crypto-Currency Wallet -- Security Today

Teenager Hacks Crypto-Currency Wallet

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

By Sydny Shepard
Mar 22, 2018

A 15-year-old has hacked into a crypto-currency wallet that is touted by its manufacturer as "tamper proof."

Saleem Rashid said in his blog, that he had written code that gave him a back door into the Ledger Nano S, a $100 device that has sold millions around the world. The code would allow a malicious attacker to drain the wallet of all of its funds, according to Rashid.

The firm announced it had issued a security fix for the issue.

The vulnerability is believe to also affect another model of the crypto-currency wallets, the Nano Blue, and a fix for that unit will not be available for "several weeks."

Crpyto-currencies, such as Bitcoin, use an encryption method known as a public key cryptography to protect funds. Users can spend the money stored only if they have access to the private key. These Ledger hardware wallets store those private keys and can be connected to a PC via a USB port.

The attack found by Rashid targets the device's micro-controllers, one of which stores the private key, while the other acts as its proxy to support display functions and the USB interface. The second is less secure and is not able to differentiate between genuine firmware and code written by an outsider.

Rashid found that for the attack method discovered, the hacker would need physical access to a wallet before it got into the hands of the victim. For instance, by buying one, altering it and then selling it online to the victim.

Rashid said in his blog he sent the code to Ledger several months ago and was not paid a bounty. He decided to publish his blog after Eric Larcheveque, Ledger's chief executive, made comments on Reddit, which, according to Rashid, "were fraught with technically inaccuracy."

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Genetec Brings Powerful New Capabilities to Security Center SaaS
06/12/2025
Electronic Security Industry Applauds Passage of Oregon SB 959 to Combat Signal Jamming
06/12/2025
Security LeadHER 2025 Fosters Growth, Engagement and Community for Women in Security
06/12/2025
Hanwha Vision Holds Pricing Steady Amid Tariff Volatility
06/03/2025
ESX 2025 to Kick Off with Exclusive New Member Meetup
06/02/2025
ASIS International Unveils Program for GSX 2025
05/29/2025
Arrow Security Celebrates Grand Opening of New Boston Office
05/29/2025
Texas Hospital Association Names CENTEGIX an Industry Partner to Advance Healthcare Worker Safety
05/23/2025

Featured

Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now
- Cybersecurity
AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now
- Cybersecurity
Analysis of AI Tools Shows 85 Percent Have Been Breached

AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now
- Cybersecurity
- Artificial Intelligence
Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now
- Cybersecurity
Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now
- Facility Security

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities