You could leave your new crypto on the exchange where you purchased it, but those are worthwhile targets for hackers. You could move it to a software wallet, or maybe a third-party website or an app on your phone.

But, again, those are online, so they’re susceptible to hacking. A paper wallet — literally a QR code printed on a piece of paper — is also an option, but they’re such a pain to set up.

On March 20, Saleem Rashid, a 15-year-old self-taught programmer, published a blog post detailing multiple ways a hacker could crack the Ledger Nano S, a popular crypto hardware wallet. Apparently, the device isn’t as “tamper-proof” as its makers claimed.

In his post, Rashid explained how a hacker could use a vulnerability in the Ledger Nano S to steal any private keys stored on the device. They could do this by tampering with the device either before you bought it (a “supply chain attack”) or after you’d already loaded it up with your private information (an “evil maid attack”).

Ledger released a patch to address the hardware wallet vulnerability on March 6, and Eric Larchevêque, Ledger’s CEO, told TechCrunch the company hadn’t received any reports of hackers actually accessing the crypto of Nano S users. Because, apparently, Rashid wasn’t satisfied with the response from Ledger. Read more from…

thumbnail courtesy of