Ledger Chief Technology Officer (CTO) Charles Guillemet recently warned crypto users about a new wave of major zero-click vulnerabilities. Guillemet urged crypto users to protect their assets by not leaving valuable information on their phones.
State-linked hackers on rampage
The Ledger CTO noted that nation-states have bought zero-click vulnerabilities to spy on high-value targets or criminal organizations. They aim to steal high-value secrets, such as crypto wallets.
According to reports, state-sponsored hacking groups are using commercial spyware to compromise Signal, WhatsApp and Telegram.
Once installed, the spyware gives the attacker complete access to the phone, including crypto wallet apps. The targets so far are mostly diplomats and officials in the U.S., Europe and the Middle East.
However, these tools are spreading to more buyers, and the techniques are becoming commercialized.
Most people store crypto in mobile wallets or browser-extension wallets that synchronize with their phone. They use their phone to store seed phrases in iCloud/Google backup and private keys.
Hence, if a nation-state or a well-funded criminal group can silently take over phones with a zero-click exploit, they can see the seed phrase and private keys the moment an individual opens their wallet app.
Once this happens, they can drain every wallet in seconds, and the individual would not even know until it is gone.
The Ledger CTO, therefore, is telling the crypto community that their phone is now one of the riskiest places to keep large amounts of cryptocurrency.
Security tips for crypto users
One of the reliable counter-measures for large holdings is cold and hardware wallet storage without an internet-connected phone or computer.
Just a few weeks ago, Binance CEO Richard Teng urged users of the exchange to prioritize security updates. Teng advised Binance users to use authenticator apps, passkeys, security keys, and multivalidator verification to secure their accounts.
According to the Binance team, authenticator apps add a second layer of login security using time-based one-time passwords that change every 30 seconds.
Across the Shiba Inu (SHIB) network, Mazrael, a prominent community member, shared a crucial security update. Mazrael warned the SHIB community that bad actors are intensifying their efforts in a bid to drain the wallets of unsuspecting victims.
Mazrael also urged the Shiba Inu community to fight for what was delivered to it, including the ShibDAO and ShibIO. He explained that bad actors are attempting to peddle counterfeits to capitalize on the popularity of Shiba Inu.
Source: https://u.today/scam-alert-ledger-cto-issues-major-zero-click-vulnerability-warning-to-crypto-users
