Kraken Security Labs has identified a critical security flaw in Trezor’s cryptocurrency hardware wallets, which allows hackers to extract seeds in under 15 minutes.
February 1, 2020, | AtoZ Markets – Kraken Security Labs announced that they had performed an attack against Trezor’s cryptocurrency hardware wallets. The researchers found that the flaw is inherent to the wallet hardware and cannot be fixed.
How to hack Trezor One and T wallet
In a Friday blog post, Kraken claimed that they were able to access Trezor One and T wallet keys by manipulating the voltage in the micro-controller. These hardware components hold vital information, such as seeds, yet are not designed for such purposes. This vulnerability has been understood for some time and has also been discovered on other hardware wallets.
To exploit this bug, an attacker needs access to the physical device, which limits the seriousness of this threat. Nevertheless, devices designed to crack Trezor wallets using this procedure could easily be made. Overall, the team stated that it only takes 15 minutes to exploit this flaw using specialized equipment.
Trezor has responded confirming that it is true that attackers can tamper with users’ devices. They further note that this would be visible as the attacker would have to physically open the case to access the device’s STM32 microchips. Like Kraken, they advise that you keep your device away from strangers. However, on the use of the passphrase, they recommend you ask yourself a number of questions before proceeding.
“Are you able to create a strong and memorable passphrase? Does anyone know how many bitcoins do you have? Do you possess enough bitcoins to become a worthy target?”
Physical hardware wallets have been one of the best answers for cryptocurrency holders on keeping their cryptocurrencies safe. This is because online wallets are exposed to millions of people around the world through the internet. This critical flaw in some Trezor models shows that hardware wallets are not the final answer and cryptocurrency holders need to be cautious.
However, it is also worth noting that there are no known cases of crypto theft due to exploiting hardware wallet flaws. Also, the vast majority of cryptocurrency theft is due to user error.
What do you think about the security flaws Kraken Labs found in Trezor wallets? Let us your thoughts below!