Teenager Hacks Crypto-Currency Wallet

Teenager Hacks Crypto-Currency Wallet

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

  • By Sydny Shepard
  • Mar 22, 2018

A 15-year-old has hacked into a crypto-currency wallet that is touted by its manufacturer as "tamper proof."

Saleem Rashid said in his blog, that he had written code that gave him a back door into the Ledger Nano S, a $100 device that has sold millions around the world. The code would allow a malicious attacker to drain the wallet of all of its funds, according to Rashid.

The firm announced it had issued a security fix for the issue.

The vulnerability is believe to also affect another model of the crypto-currency wallets, the Nano Blue, and a fix for that unit will not be available for "several weeks."

Crpyto-currencies, such as Bitcoin, use an encryption method known as a public key cryptography to protect funds. Users can spend the money stored only if they have access to the private key. These Ledger hardware wallets store those private keys and can be connected to a PC via a USB port.

The attack found by Rashid targets the device's micro-controllers, one of which stores the private key, while the other acts as its proxy to support display functions and the USB interface. The second is less secure and is not able to differentiate between genuine firmware and code written by an outsider.

Rashid found that for the attack method discovered, the hacker would need physical access to a wallet before it got into the hands of the victim. For instance, by buying one, altering it and then selling it online to the victim.

Rashid said in his blog he sent the code to Ledger several months ago and was not paid a bounty. He decided to publish his blog after Eric Larcheveque, Ledger's chief executive, made comments on Reddit, which, according to Rashid, "were fraught with technically inaccuracy."

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events

  • Report: 82 Percent of Phishing Emails Used AI

    KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Read Now

  • NRF Supports Federal Bill to Thwart Retail Crime

    The National Retail Federation recently announced its support for the Combating Organized Retail Crime Act of 2025. The act was introduced by Chairman Chuck Grassley, R-Iowa, Senator Catherine Cortez Masto, D-Nev., and Representative Dave Joyce, R-Ohio. Read Now

  • ISC West 2025 Brings Almost 29,000 Industry Professionals to Las Vegas

    ISC West 2025, organized by RX and in collaboration with the Security Industry Association, concluded at the Venetian Expo in Las Vegas last week. The nation’s leading comprehensive and converged security event attracted nearly 29,000 industry professionals and left a lasting impression on the global security community. Over five action-packed days, ISC West welcomed more than 19,000 attendees and featured 750 exhibiting brands. Read Now

    • Industry Events
    • ISC West

  • Tradeshow Work Can Be Fun

    While at ISC West last week, I ran into numerous friends and associates all of which was a pleasant experience. The first question always seemed to be, “How many does this make for you?” Read Now

    • Industry Events
    • ISC West
Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.