Coldcard hardware wallet developers released firmware to eliminate critical vulnerability
The developers of the Coldcard hardware wallet for Bitcoin released a beta firmware patch to eliminate a vulnerability that also affected the Ledger hardware wallet earlier this year.
Security researcher Ben Ma, who works for hardware wallet manufacturer Shift Crypto, discovered a vulnerability in the Coldcard hardware wallet. An attacker can trick a Coldcard user into sending a real BTC transaction while the user believes it is a test network transaction.
BTC transactions on both the test and main networks “have the same transaction view,” Ma writes on the Shift Crypto blog. An attacker can generate a Bitcoin main network transaction for a hardware wallet, but make it look like a test network transaction. This makes it difficult for users to recognize the error.
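Added illustration (not code from the Shift Crypto post or the Coldcard firmware) of why the two networks share one transaction format. It assumes a P2PKH output and a constructed public key hash: the network only selects the address version byte shown to the user, while the output script that is serialized and signed is identical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSION = {"mainnet": 0x00, "testnet": 0x6F}  # P2PKH address version bytes
SAMPLE_HASH = bytes(range(1, 21))             # constructed 20-byte pubkey hash

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58check_decode(addr: str) -> bytes:
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    data = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = data[:-4], data[-4:]
    if _checksum(payload) != check:
        raise ValueError("bad checksum")
    return payload

def address(pubkey_hash: bytes, network: str) -> str:
    # What a wallet displays: the network picks the version byte.
    return b58check_encode(bytes([VERSION[network]]) + pubkey_hash)

def script_from_address(addr: str) -> bytes:
    # What goes into the transaction: the version byte is dropped.
    pubkey_hash = b58check_decode(addr)[1:]
    # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    return b"\x76\xa9\x14" + pubkey_hash + b"\x88\xac"

def same_output_on_both_networks(pubkey_hash: bytes) -> bool:
    main, test = address(pubkey_hash, "mainnet"), address(pubkey_hash, "testnet")
    return main != test and script_from_address(main) == script_from_address(test)

if __name__ == "__main__":
    for net in VERSION:
        addr = address(SAMPLE_HASH, net)
        print(net, addr, script_from_address(addr).hex())
```

Because nothing in the serialized output identifies the network, the network label on a signing device's screen is only as trustworthy as the check that ties it to the keys being used.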
Ma learned about the vulnerability after an anonymous researcher discovered the so-called “isolation bypass” attack in the Ledger hardware wallet. When the initial vulnerability was discovered, Coinkite founder and Coldcard creator Rodolfo Novak said:
“Coldcard does not support any ‘shitcoins,’ we believe this is the best path.”
In his opinion, a BTC-only wallet would be safe, since the vulnerability was partly due to Ledger wallets previously allowing different coins to be controlled with the same private key. Because Coldcard does not support multiple coins, in theory the wallet should not have this problem. However, the wallet can be used for transactions on the Bitcoin test network, and this opens a loophole for hackers.
If the user’s computer is compromised and the Coldcard wallet is unlocked and connected to it, the attacker can trick the user into sending BTC on the main network instead of a transaction on the test network.
“An attacker simply must convince the user to try a transaction on a test network by using any social engineering attack. After the user confirms the test network transaction, the attacker receives the main network BTC in the same amount,” Ma writes on the blog.
Since the attacker can perform this attack remotely, the vulnerability meets Shift Crypto’s criteria for a critical issue, which made disclosure necessary. According to the article, Ma disclosed the vulnerability to Coinkite on August 4, and Novak acknowledged it the next day. On November 23, Coldcard released a beta version of the firmware to eliminate the vulnerability.
Recall that Ledger wallet users recently lost more than 1,150,000 XRP after falling victim to fraudsters who carried out phishing attacks and lured people to a fake site.