/ledger-app-isolation-bypass-poc

Proof of concept of bypassing app isolation of altcoins to sign Bitcoin transactions without the user realising

Primary language: JavaScript

Ledger - App isolation bypass PoC

⚠️ The PoC produces a valid signed transaction hex spending your MAINNET BITCOIN: PLEASE take extreme care with this transaction! Do not broadcast it!

Details Here: Ledger App Isolation Bypass

The PoC demonstrates signing a Bitcoin mainnet transaction while the Litecoin app is unlocked.
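A defender-side view of the isolation this PoC defeats, as an added example that is not code from this repository: a derivation-path policy check that rejects a signing request whose SLIP-44 coin type does not belong to the open app. It assumes isolation is enforced on the BIP32 path (the page does not describe the mechanism); `parsePath`, `checkPathForApp` and the sample paths are hypothetical and constructed.

```javascript
// Added example (not from the PoC repository): derivation-path policy check.
const HARDENED = 0x80000000;
// SLIP-44 coin types, used as the hardened second path element.
const SLIP44 = { bitcoin: 0, litecoin: 2 };
// BIP44 legacy, BIP49 wrapped segwit, BIP84 native segwit.
const ALLOWED_PURPOSES = new Set([44, 49, 84]);

// Parse "m/84'/0'/0'/0/0" into an array of 32-bit child indexes.
function parsePath(path) {
  const parts = String(path).split('/');
  if (parts[0] !== 'm' || parts.length < 2) throw new Error('path must start with m/');
  return parts.slice(1).map((p) => {
    const m = /^(\d+)(['h]?)$/.exec(p);
    if (!m) throw new Error(`bad path element: ${p}`);
    const n = Number(m[1]);
    if (n >= HARDENED) throw new Error(`index out of range: ${p}`);
    return m[2] ? n + HARDENED : n;
  });
}

// Decide whether a signing request on `path` is acceptable while `openApp` is open.
function checkPathForApp(openApp, path) {
  if (!Object.prototype.hasOwnProperty.call(SLIP44, openApp)) {
    return { ok: false, reason: 'unknown app' };
  }
  let idx;
  try {
    idx = parsePath(path);
  } catch (e) {
    return { ok: false, reason: e.message };
  }
  if (idx.length < 3) return { ok: false, reason: 'path too short' };
  // purpose', coin_type' and account' must all be hardened.
  if (!idx.slice(0, 3).every((i) => i >= HARDENED)) {
    return { ok: false, reason: 'unhardened purpose/coin_type/account' };
  }
  const purpose = idx[0] - HARDENED;
  const coin = idx[1] - HARDENED;
  if (!ALLOWED_PURPOSES.has(purpose)) return { ok: false, reason: 'purpose not allowed' };
  if (coin !== SLIP44[openApp]) {
    return { ok: false, reason: `coin_type ${coin}' does not belong to ${openApp}` };
  }
  return { ok: true, reason: 'path matches open app' };
}

// Constructed requests: the first mirrors the scenario on this page.
for (const [app, path] of [['litecoin', "m/84'/0'/0'/0/0"], ['litecoin', "m/84'/2'/0'/0/0"]]) {
  console.log(app, path, checkPathForApp(app, path));
}
```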

Run

Requirements

  • Ledger with Bitcoin and Litecoin apps installed
  • Some mainnet balance in Bitcoin (native segwit account)

npm install

npm start