Ledger responded to the signature security vulnerability: The Bitcoin App has been updated to improve the vulnerability. The vulnerability will not reveal sensitive data such as private keys and mnemonics

The cryptocurrency wallet Ledger wrote an article in response to the security vulnerability disclosed by the security researcher Monokh. Ledger stated that it has released version 1.4.6 of the Bitcoin application today, which aims to improve the security vulnerabilities disclosed by Monokh. In addition, Ledger has also updated applications such as Litecoin and Dogecoin. Ledger emphasized that the vulnerability will not be used by attackers to obtain sensitive data such as private keys and mnemonics. In addition, if users do not use applications other than Bitcoin through the device, they will not be affected. The new version will check the derivation path used for trading and will issue a warning message if it is different from the regular activity. For example, if the wrong path is used when verifying the receiving address, “derived path abnormal” will be displayed, and for signed transactions, “signature path is abnormal” will be displayed, and then the user can choose to reject it when unsure. The reason the abnormal path will not be completely blocked is that some wallet applications use custom non-standard derived paths. Chain Wen previously reported that Monokh disclosed a signature security vulnerability in the Ledger hardware wallet, which may result in the theft of user funds.