Ledger was able to close the vulnerability

However, Ledger's development team has closed this vulnerability. They took steps to prevent the MCU from sending false code to the secure element: the MCU is required to forward the entire contents of its flash memory. The MCU has a relatively limited amount of flash memory, so to smuggle false code onto it, the MCU would in theory have to store both the official firmware and the false code. The memory capacity of the MCU should prevent this kind of attack.

Rashid allegedly circumvented this mechanism by first realizing that the MCU contained both the boot loader and the firmware, and that some of the software functions, the compiler intrinsics, were identical in both. He removed one copy of these intrinsics and replaced it with malicious code. When the secure element then asked the MCU about its contents, the 15-year-old created a (seemingly) legitimate image to trick the device. The device then verified the counterfeit firmware.
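The capacity argument only holds if nothing in flash is stored twice. The following audit is an added example, not Ledger's or Rashid's code: it measures how many bytes of a firmware region also occur verbatim in the boot loader region. The region sizes, the 32-byte threshold and the sample bytes are constructed assumptions.

```python
import random

MIN_RUN = 32  # assumed threshold: shorter matches are treated as coincidence


def duplicated_runs(bootloader: bytes, firmware: bytes, min_run: int = MIN_RUN):
    """Return (fw_offset, bl_offset, length) for byte runs present in both regions."""
    index = {}
    for i in range(len(bootloader) - min_run + 1):
        index.setdefault(bootloader[i:i + min_run], i)  # keep first occurrence
    runs, pos = [], 0
    while pos + min_run <= len(firmware):
        bl = index.get(firmware[pos:pos + min_run])
        if bl is None:
            pos += 1
            continue
        length = min_run
        while (pos + length < len(firmware) and bl + length < len(bootloader)
               and firmware[pos + length] == bootloader[bl + length]):
            length += 1  # extend the match as far as both regions agree
        runs.append((pos, bl, length))
        pos += length
    return runs


def reclaimable_bytes(bootloader: bytes, firmware: bytes) -> int:
    """Bytes a deduplicating layout would free; capacity-based checks assume 0."""
    return sum(length for _, _, length in duplicated_runs(bootloader, firmware))


def constructed_image(seed: int = 1):
    """Constructed sample, not a real dump: both regions embed the same 200-byte
    'intrinsics' blob. Disjoint byte ranges keep all other bytes from matching."""
    rng = random.Random(seed)
    fill = lambda n, lo, hi: bytes(rng.randrange(lo, hi) for _ in range(n))
    intrinsics = fill(200, 0x80, 0x100)
    bootloader = fill(300, 0x00, 0x40) + intrinsics + fill(100, 0x00, 0x40)
    firmware = fill(500, 0x40, 0x80) + intrinsics + fill(250, 0x40, 0x80)
    return bootloader, firmware


if __name__ == "__main__":
    bl, fw = constructed_image()
    for fw_off, bl_off, length in duplicated_runs(bl, fw):
        print(f"firmware+{fw_off:#x} == bootloader+{bl_off:#x} for {length} bytes")
    print("reclaimable:", reclaimable_bytes(bl, fw), "bytes")
```

Any non-zero result means the "flash is too small to hold both" assumption does not hold for that image.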

As a result, the device then generated wallet addresses and recovery passwords that the attackers could control. Rashid thus ultimately claims to be able to generate passwords that seem random to the users, but which the attackers know. According to Rashid, this vulnerability could be exploited by malware that infiltrates devices and computers in order to infect them.

Firmware update promises security

Ledger responded immediately to this problem. On March 20, they released an update that fixes three security issues. With the update, it is now possible to verify the integrity of the device and guarantee that the devices are not infected. Seeds and private keys are now safe.

In cooperation with the two security experts Timothée Isnard and Sergei Volokitin, Rashid himself has used Ledger to ensure that the security gaps have been closed. They strongly recommend upgrading the Ledger firmware to version 1.4.1 to eliminate all security threats.

Six steps to updating the Ledger Nano S

The first step is to open the Ledger Manager on the PC and connect your Ledger to the PC. If the device is new, press the right button while connecting the cable. After 5 seconds the device will display “Recovery” and you will be taken to the dashboard. If the device is already configured, connect it normally and enter its PIN.

The second step is to synchronize the Ledger Manager with the wallet and wait for the dashboard to appear.

In the third step, click on the firmware menu in the upper left corner of the Ledger Manager on the PC. Then click on the green arrow in the line “Firmware Version 1.4.1.” and on the “Install” button. Finally, you have to confirm this step on the device itself. If an error message appears, this does not necessarily mean that the device is infected. In that case, uninstall all applications from the device and start the update again.

Bitcoin-Crash: Looking for answers to price erosion

In the last week, panic scenes took place in the Bitcoin industry during the extreme price slump. But the price slump was not just a bad thing for some smart traders. Those who had prepared for the crash took the opportunity to make real money with the high volatility.

Last week's opening price was 267.09 US dollars and fell during the week by 57.46 US dollars or 22% to 209.63 dollars (CoinDesk price index). The Bitcoin price at the beginning of the week suffered the deepest blow. Here the price fell within 2 days on 14 January by 37% to a low of 170.21 dollars.

The then Bitcoin price of 600 US dollars had already been under strong pressure since June last year. After a rally in November, the price first fell to 450 dollars and since then has found only weak support. In December, the price per BTC was already below 400 US dollars.

At the beginning of the year, there were signs of a further drop in prices and many traders wondered how low things could still go. The Bitcoin price was now at 300 dollars and recovered only very briefly. The answer didn’t take long and came with last week’s crash. One trader even spoke of “surrender”.

Trading volume rose rapidly

A sign of panic sales or “surrender” was the rapid increase in trading volume. The Bitcoin exchanges almost set a new record on 14 January with 1.43 million BTC traded. In November only 300,000 BTC more were traded during the short price rally.

The Bitcoin Exchanges were pleased with this volume and the beautiful turnover. The Bitfinex Exchange, for example, charges 0.2% for each transaction made and an additional 0.1% for payouts.

Even if Bitcoin stock exchanges do not provide any information about the income, one can imagine what a nice little sum comes about with 80,910 traded BTC (on Bitfinex alone).

One exchange, however, had very bad timing. Bitstamp only came back online on 13 January after a hacker attack and wanted to do its users a favor with 0% fees for 5 days. It did not benefit from the Bitcoin wave the next day.

Why did the Bitcoin price collapse so massively?

Last week many analysts tried to find out why the Bitcoin price fell so much. Pantera was one of the first to try to educate its users with a special newsletter on the 14th.

Pantera mentioned margin trading as one of the possible reasons for the price drop and pointed to record swaps to push the Bitcoin profit to Bitfinex.

Pantera also blamed the miners for the price slump, as commercial miners are forced to sell their Bitcoins directly to cover the costs. This has led to a Bitcoin glut.

However, a new theory was also put forward by Pantera: Due to the Bitstamp hacker attack and the stolen Bitcoins worth about five million dollars, the stock exchange had to go offline. All transactions were cancelled and the purchase orders were no longer accepted. This situation could also have been the trigger for the subsequent fall in prices.

Pantera also said that the capital invested in new Bitcoin companies may have played a crucial role. The capital is increasingly flowing into new companies and not directly into Bitcoin. This means less direct investment in Bitcoin and pumping into the companies instead.