Exclusive: Why Ledger CEO Eric Larchevêque is Preparing for Crypto Nuclear Winter

One of the most striking things about the cryptocurrency industry is people’s willingness to talk about it. As the CEO of Ledger, perhaps the most secure hardware wallet in the world, you might think that Eric Larchevêque would send a spokesperson on his behalf. Yet the professional, poised, and, above all, humble Larchevêque is always willing to talk–especially if it helps the advancement of the bitcoin industry. The first time I spoke to him at a conference, I was still fairly new to the bitcoin industry and wet around the ears. As I trembled with my notes terrified of asking

Exclusive: Why Ledger CEO Eric Larchevêque is Preparing for Crypto Nuclear Winter by CCN

News – CCN

Ledger & TREZOR Official Response

From Ledger, "At the 35th Computer Chaos Congress in Leipzig, Dmitry Nedospasov, Thomas Roth and Josh Datko gave a presentation called wallet.fail, where they tried to demonstrate that Hardware Wallets were vulnerable to several types of attacks. Concerning Ledger, they presented 3 attack paths which could give the impression that critical vulnerabilities were uncovered on Ledger devices. This is not the case."

https://www.ledger.fr/2018/12/28/chaos-communication-congress-in-response-to-wallet-fails-presentation/

TREZOR's manufacturer SatoshiLabs responded to the vulnerabilities on Twitter, saying "With regards to #35c3 findings about @Trezor: we were not informed via our Reponsible Disclosure program beforehands, so we learned about them from the stage. We need to take some time to fix these and we'll be addressing them via a firmware update at the end of January."

SatoshiLabs also responded in their subreddit with slightly more detail, "Per my latest information (I am not present at the conference), we were not informed about this vulnerability via our Responsible Disclosure process, and therefore we are working with the information as it arrives. We will address this vulnerability as soon as possible, though we will need some time. Until then, you can mitigate it by using a passphrase (make sure to learn how it works first, as in case of passphrase-loss your funds are irrecoverable), or by making sure you do not lose physical access to your device. To exploit the vulnerability, the attacker needs to have physical access to your device — directly to its board."

Of interest, neither manufacturer was notified of these vulnerabilities prior to it's disclosure on stage at CCC through their responsible disclosure programs so have been caught unaware. SatoshiLabs and Ledger will both be patching their devices by the end of January.

submitted by /u/FortuitousIdiom
[link] [comments]
Bitcoin – The Currency of the Internet