Ledger investigates wallet’s sudden lack of Bitcoin Cash support

The Ledger team has resolved the reported sudden lack of Bitcoin Cash support on its wallet.

On Wednesday, a Ledger spokesperson confirmed to CoinGeek that “this issue has now been resolved.”

“Recent updates to Bitcoin Cash infrastructure resulted in Ledger customers seeing inaccurate balances displayed on their BCH Wallets. As a result of Bitcoin Cash infrastructure changes, Ledger software was temporarily unable to acquire balance and transaction information from the Bitcoin Cash blockchain. This issue has now been resolved. Customers do not need to take any action, and BCH balances will be updated automatically. We apologise for any inconvenience,” the spokesperson said.

On the Reddit forum /r/ledgerwallet, users complained that they have been unable to access their funds on the Ledger wallet for the past two days due to technical problems. Some users reported encountering problems with their transactions if they use BCH as currency, while others are completely shut out of their balances.

According to a Reddit user who wanted to transfer from Coinbase to Nano S, transfers involving SegWit-Coin BTC, LTC and ETH went through just fine but the BCH transaction did not work although the QT Code was scanned accordingly for funds to be received. The user complained that after 36 hours nothing had happened. The situation has created consternation amongst Ledger Wallet users who have taken to social media to voice their concerns.

Ledger Wallet initially addressed the incident in a tweet and also posted an “Active Incident” report after the degraded performance of BCH transactions. The report, which was lodged on April 9 at 7:10 a.m. UTC, noted that “the new version of Bitcoin ABC (Bitcoin Cash node) breaks compatibility with our parser.” This resulted in incorrect result balances on the Ledger Wallet, according to the team.

Ledger maintained that all funds were safe and can still be accessed in emergency situations using the software wallet Electron Cash.

Despite the immediate response, users still hit out at Ledger over the company’s inordinate amount of time it took for the problem to be solved. Nicolas Bacca, CTO of Ledger, addressed the issue, saying:

“The team is still investigating. I’m not following this closely, but if invalid data was fed into our parser it could be necessary to reparse the whole chain which will take a few days. Thanks for your patience, and feel free to open an issue on Electron Cash github if it isn’t working properly… for any blogger trying to misquote me—this means that another team is working on it as fast as they can, but not myself.”

Meanwhile, CEO Eric Larchevêque assured its clients that Ledger’s entire infrastructure engineering team “is working on fixing the outage since we have been aware a day ago.”

The incident report previously stated: “Our main servers are now synced and running. We’ll run on a degraded infrastructure the time for us to ensure that everything is fine (next 12 hours). Once we’re sure that everything is running smoothly, we’ll apply our patches to Ledger blockchain explorer and the BCH daemon before we sync the rest of our infrastructure.”

Note: Tokens in the SegWit chain are referred to as SegWit-Coin BTC (inaccurately called Bitcoin Legacy or Core by many) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Teen exposes security vulnerability in Ledger hardware wallet

Cryptocurrency hardware wallet Ledger has been found to contain a major security flaw, which could enable hackers to steal funds from users through a variety of different methods.

The exploit was identified by a teen digital security expert, Saleem Rashid, earlier this week and undermined Ledger’s claims to be ‘tamper-free.’

Upon discovering the exploit, Rashid contacted Ledger CTO Nicolas Bacca to report his findings. The flaw theoretically allows retailers and resellers to load compromised firmware, which would be successfully verified by the device via its connection to the Secure Element.

As soon as the compromised device is used for storing cryptocurrency, the hacker could then successfully recall the relevant private keys, which would effectively allow them to walk away with the contents of the wallet.

According to Rashid, his initial referral of the security flaw was dismissed by the firm, who refused to engage seriously with his recommendations. Nevertheless, a firmware update was released, which went on to attract further criticism from the teenager.

The findings have divided opinion amongst the cryptocurrency community, with some users suggesting the flaw wasn’t as serious as Rashid had initially suggested.

Responding to user comments on Reddit, Ledger CEO Eric Larchevêque described Rashid’s technical report into the flaw, published on his blog, was ‘a massive FUD’, and disclosed as a reaction to the firm’s unwillingness to treat his findings seriously.

“Saleem got visibly upset when we didn’t communicate as ‘critical security update’ and decided to share his opinion on the subject,” the Ledger CEO said.

Ledger subsequently published an update, explaining three separate security issues identified by a team of bounty programme researchers. Notably, Saleem Rashid was included amongst the three security experts working on the project—something Rashid himself has denied.

The move follows on from Rashid’s earlier work, most notably in identifying similar flaws with the TREZOR One device. The flaws identified in this case were more warmly received, and even garnered public praise for Rashid from the firm’s CEO.

Nevertheless, it seems not all hardware wallet manufacturers are as open to discussing security flaws with independent researchers like Rashid, and in any event, often less willing to release critical security updates to patch these flaws.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true  Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Ledger announces native desktop apps, sets roadmap for Android and iOS

French startup Ledger recently announced that it’s working on updates for its software, with plans to expand its suite of services for mobile devices in a bid to create a seamless, cross-platform experience for its users.

Despite being met with flaws and vulnerabilities in recent news, the hardware wallet company has pushed to recreate its software in such a way that it also addresses the need for well-designed user interfaces that will not confuse newer users of leading cryptocurrencies supported by the wallet.

In the announcement, Ledger has stated that it will begin to deprecate its Google Chrome extension first introduced in 2015. These Chrome apps only functioned natively with legacy Bitcoin (BTC) and Bitcoin Cash (with the CashAddr upgrade), while users of other cryptocurrencies such as Ethereum still had to open a new page whenever they do transactions with Ledger’s Chrome app. If a user had a portfolio with multiple cryptocurrencies, they had to manually install and open each one for Ledger’s firmware to work properly with the selected hardware.

Another note to explain this gradual demise for the 3-year-old Ledger Chrome extension would be how Google’s ChromeOS has been making inroads into app development and integration, making some previous extensions and web apps either redundant with Android apps or obsolete for the Chrome browser installed on a desktop.

Ledger’s initial release will feature native desktop applications for Windows, macOS, and major Linux distributions. Multiple cryptocurrencies will be supported on the apps, including Bitcoin Cash, Ethereum, Ripple, BTC, and 19 other cryptocurrencies. Ledger’s latest devices, such as the Ledger Nano S and the Ledger Blue, will be compatible with these apps. In case of new registrations, users with no physical Ledger wallets may still access their accounts on a read-only basis, with an option to password-protect the viewing access.

Once opened, the desktop apps will treat users to a dashboard view of all their assets, with information on current values from their cryptocurrency and exchange of choice. The desktop apps will retain the basic functions of a wallet: it will allow users to send, receive, and check their account balances, as well as examine the history of their transfers on the blockchain.

The apps will also function with Ledger’s proprietary address and transaction confirmation process (verified through keys on the hardware) before funds are released for transfer. With their introduction of desktop-class software, Ledger has also promised that the desktop apps will perform better in terms of account synchronization.

Ledger said its developers are hard at work with future updates that include applications for both Android and iOS, giving cryptocurrency users a full mobile experience with features such as spotlight search, transaction tags and notes and third party app support through API integration, as well as support for more cryptocurrencies and Ethereum ERC-20 tokens with the Ledger Nano S.

The hardware wallet company is also working on a new version of the Ledger Manager platform, and will release it to Google Chrome, Opera, and Chromium for open source extensibility. The platform will allow Ledger users to access their account details with a web-based solution involving direct device communication through a USB port.

For users who opt for the desktop apps, the new apps will have its own set of USB drivers. However, the startup notes that its deprecation of the Google Chrome extension would mean that native compatibility with Chromebooks will be suspended, pending the full integration of Android apps to the operating system.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Ledger admits to possible wallet firmware flaw

In a recent article written as a how-to, Medium blogger Paris Cormier described a set of instructions on how to successfully infiltrate a Ledger wallet. The instructions, which followed a fully-detailed Docdroid.netdisclosure,were posted for educational purposes to prevent the hack from being replicated and protect users who may fall victim to it.

The hardware wallet company acknowledged this vulnerability in their product with a tweet claiming that the “man in the middle attack” can be mitigated by verifying the receive address on the device’s screen. This is done by clicking the “monitor button” found in the wallet’s interface.

Following a report from news.bitcoin.com last month in which a man’s life savings were stolen from a hardware wallet supplied by a reseller, the news that Ledger’s hardware wallets are vulnerable has been met with anger from cryptocurrency users. The man described in the report is Redditor u/moodyrocket, who claimed that he has “[…] not used my Ledger in a week, today I decide to check the value of my XRP, Litecoin and Dash only to discover that all of them showed up as zero and had been transferred somewhere else yesterday all around the same time at 7:30pm. I am not sure how this is possible as I have not access my Ledger in a week.”

Cormier’s guide describes Ledger wallets as “one of the many that generate new public keys for each receiving transaction.” Such transactions are done by executing JavaScript code which runs from the client-side. According to the guide, “This means that malicious code can easily replace the automatically generated receiving address with a hacker’s.”

Given how public keys are changed regularly, users may not suspect any issues that would arise from this process. Users also have no viable method to verify the validity of the receiving address, without resorting to external or third-party applications to manually verify addresses.

Here’s an illustration of the hack as posted by @LedgerHQ on Twitter:

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true  Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Ledger to Ledger transfers are now possible – Radar Relay

This move will bring startup Radar Relay a substantial market advantage.

Hardware wallets, or cold wallets, have been the safest way to keep cryptocurrency funds to date. Even if you connect it to an infected computer, there’s just no way (that we know of) for hackers to get to your funds. This makes hardware wallets such as Ledger the go-to choice for cryptocurrency enthusiasts when it comes to safeguarding tokens they’re holding long-term.

There was just one problem: if one wants to trade or transfer, they would still have to take the funds out of the Ledger and send them to an online exchange or wallet. From here, funds will be just as susceptible to whatever attacks or compromise the exchange will suffer (if it does). The computer being used to access the exchanges and wallets can also be compromised as well.

But now these problems are taken care of.

Decentralized exchange startup Radar Relay has created the solution that would probably effectively make their breakthrough into the highly competitive and already crowded blockchain industry. In a Medium post yesterday, the startup has announced that they are now supporting Ledger hardware wallets.

Yep. You can now transfer directly from one Ledger wallet to another—no need to move your funds to online wallets or exchanges. Just connect your Ledger and follow the usual steps to sync it with your computer, and use Radar Relay to set gas prices and send funds. A tutorial is also included in their Medium post for anyone interested.

This is the first time direct transfers between physical wallets has been made possible. Consequently, the move has been received positively, with Radar Relay hitting 10,000 Twitter followers as of yesterday. Although now, users are lamenting a different but well-connected problem: Ledger wallets keep running out. Ledger VP of Engineering Fred de Villamil says they’re trying their best to keep up with demand.

Ledger to Ledger transfers are now possible – Radar Relay

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true  Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.