This post will disclose a vulnerability in the Ledger hardware wallets that can lead to theft of user funds. [...] I do not consider myself a security expert. Despite this, I was able to discover this issue while developing and experimenting with Ledger support on Liquality. It is worrying that the vulnerability did not utilise any complicated techniques such as side-channel attacks, buffer overflows etc. This could indicate that there are other issues undiscovered or in plain sight. Perhaps the most shocking conclusion is the negligence from Ledger regarding the handling of this issue. For an issue with this severity, to not attempt a fix, not communicate progress and avoid disclosure, is disrespectful towards the trust that people (including myself) have placed on them. With their increased focus in other departments (integrating alt coins, trading), I urge them to reconsider their attention to security. Such should be the commitment to a hardware wallet. Dettagli ed PoC exploit su https://monokh.com/posts/ledger-app-isolation-bypass L'ingenuità dell'autore sulla fiducia tradita dalle aziende che si basano sulla blockchain è tragicomica. Giacomo