In a demonstration titled “Wallet.fail,” a team of security researchers hacked into the Trezor One, Ledger Blue and Ledger Nano S. Unfortunately, it appears as if their findings were first put on display at the 35th Chaos Communication Congress (35C3) in Leipzig, Germany, rather than through accepted Responsible Disclosure practices, which would have allowed the manufacturers to patch the vulnerabilities and protect their customers from any potential attack. Fortunately, the vulnerabilities appear to be very difficult for attackers to actually exploit.The team of experts included security researchers Dmitry Nedospasov, Josh Datko and systems engineer Thomas Roth. Among the vulnerabilities revealed in the presentation were several that could have been fixed with a firmware upgrade on the hardware wallets in question.SatoshiLabs, the manufacturers of Trezor wallets, through its Chief Technology Officer Pavol Rusnak, insisted that the company had not been notified about the vulnerabilities demonstrated at the event, going on to add that there's a "Responsible Disclosure program" that the researchers could have followed to give them a heads-up about the loopholes."With regards to #35c3 findings about @Trezor: we were not informed via our Responsible Disclosure program beforehand, so we learned about them from the stage. We need to take some time to fix these, and we'll be addressing them via a firmware upda...
