Kraken Security Labs has identified a critical security flaw in Trezor’s cryptocurrency hardware wallets, which allows hackers to extract seeds in under 15 minutes.
AtoZ Markets – Kraken Security Labs announced that they had performed an attack against Trezor’s cryptocurrency hardware wallets. The researchers found that the flaw is inherent to the wallet hardware and cannot be fixed.
How to hack Trezor One and T wallet
In a Friday blog post, Kraken claimed that they were able to access Trezor One and T wallet keys by manipulating the voltage in the micro-controller. These hardware components hold vital information, such as seeds, yet are not designed for such purposes. This vulnerability has been understood for some time and has also been discovered on other hardware wallets.
Related: Researcher Shows How to Hack Nano Ledger
To exploit this bug, an attacker needs access to the physical device, which limits the seriousness of this threat. Nevertheless, devices designed to crack Trezor wallets using this procedure could easily be made. Overall, the team stated that it only takes 15 minutes to exploit this flaw using specialized equipment.
Trezor’s Response
Trezor responded by confirming the fact that attackers are able to tamper users' devices. This would be easily visible since the attacker would need to physically open the case in order to gain access to the STM32 microchips. They recommend that you keep your device safe from any strangers, just like Kraken. They recommend that you ask a few questions about the passphrase before proceeding.
“Are you able to create a strong and memorable passphrase? Does anyone know how many bitcoins do you have? Do you possess enough bitcoins to become a worthy target?”
For cryptocurrency holders, physical hardware wallets are the best way to keep their cryptocurrencies safe. Online wallets can be accessed by millions of people all over the globe via the internet. This flaw in certain Trezor models is a sign that hardware wallets may not be the best solution and cryptocurrency owners need to be careful.
However, it is also worth noting that there are no known cases of crypto theft due to exploiting hardware wallet flaws. Also, the vast majority of cryptocurrency theft is due to user error.
What do you think about the security flaws Kraken Labs found in Trezor wallets? Let us your thoughts below!