Cryptocurrency hardware maker Ledger has acknowledged a report detailing a vulnerability in its product.
The vulnerability allows hackers to manipulate Ledger’s software by accessing the files on a device.
By manipulating these files, attackers can inject their own receive address onto the host machine, causing funds to be sent to an attacker.
It must be noted that this attack cannot compromise your private keys.
To mitigate the man in the middle attack vector reported here https://t.co/GFFVUOmlkk (affecting all hardware wallet vendors), always verify your receive address on the device’s screen by clicking on the “monitor button” pic.twitter.com/EMjZJu2NDh
— Ledger (@LedgerHQ) February 3, 2018