Owners of Ledger cryptocurrency wallets may have become victims of cyber espionage

A software developer known as REKTBuilder has discovered that the hardware wallet software for storing bitcoin, Ledger Live, is tracking its users and collecting their data.

REKTBuilder examined the Python code of the device’s software and assumed that it performs a «device authentication» every time a user connects the Ledger wallet to a computer or phone. According to the expert, all applications installed on the device undergo this check, so Ledger can find out which networks the wallet owner uses.

«Ledger Live has built-in verification during the app listing process. They always check your device when you install, update apps or firmware. I have removed most of the tracking code in Lecce Libre, but the tracking is still ongoing,» the developer wrote on social network X.

In early December, REKTBuilder announced that Ledger Live was recording users' cryptocurrency balances. Later, an open-source alternative to Ledger Live without trackers called «Lecce Libre» was released. Now, the programmer claims to have discovered a more serious privacy problem in Ledger Live. He found that several lines of code contained the phrase «genuine check». When he added the phrase «tracing prints» to this code, he found that the device did not start while he was checking it. The developer became interested in this, and REKTBuilder continued to investigate.

The specialist found that the actual check was built into the listApps subroutine. Ledger can use this check to determine the time and date of the user’s device connection, according to REKTBuilder. The developer attempted to remove the code, causing the software to «break» and become unusable.

«I tried to disable remote tracking, but it’s not possible. If you do this, the wallet will break. This means that every time you connect your device, Ledger knows that it is you and what applications you have installed,» REKTBuilder said.

As a reminder, Ledger has recently promised to cover the losses incurred by users as a result of a hacker attack on the company’s hardware devices. In October, Ledger officially launched the function of recovering the crypto wallet’s seed phrase, parts of which are stored by third-party owners, and this feature caused a lot of controversy in the crypto community.