Cryptocurrency manufacturer of the hardware wallet Ledger continues to refute the allegations that its devices can be hacked after the teenager has compromised them, reports Ars Technica today, March 21.
After the British 15-year-old Saleem Rashid created the code for the “backdoor” of Ledger’s wallets in November 2017, the company published reports describing the events as “NOT critical” and said that possible attacks “can not extract secret keys or seeds” .
Rashid then denied allegations on social networks and a message in his personal blog called “Infringement of the book security model” on March 20 stating that he can still “autonomously extract the root secret key after the user unlocks the device” and use it to manipulate destination addresses for transactions.
This argument exerts pressure on both Ledger and its millions of users, who still widely acknowledged the company’s claims that its purses were 100% safe.
Hardware wallets are often recommended by the most famous names of the bitcoins industry, including the teacher Andreas Antonopoulos, who, like many others, tries to dissuade crypto investors from online storage of funds.
This month, Ledger tried to fix in its hardware three security vulnerabilities, including those identified by Rashid. In a message dated March 20, describing the progress of the security update, Ledger told users that they will be fully protected after updating their wallets:
“The upgrade process verifies the integrity of your device, and a successful update of version 1.4.1 ensures that your device was not the target of any fixed attack. There is no need to take any other measures, your seeds / secret keys are safe. “