15 year old security researcher Saleem Rashid discovered a flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies.
The root cause is that the Ledger devices use a secure processor chip and a non-secure microcontroller chip. An attacker could compromise the insecure processor.
Ledger released a patch on March 6, 2018 to address vulnerability, and Eric Larchevêque, Ledger’s CEO, stated that the company hadn’t received any reports of hackers actually accessing the crypto keys.
Read more about it here.