Kraken Finds Trezor Hardware Wallet Vulnerability

Please share and grow the BitPinas community.

February 7, 2020 – 15 minutes was all the time it took for Kraken Security Labs to hack the Trezor cryptocurrency wallet. The flaw is ingrained to the hardware wallet itself so it cannot be fixed. However, Kraken and Trezor recommended some tips to make sure the hack will never happen.

In a blog post, Kraken Security Labs, the research firm of Kraken crypto exchange said they were able to exploit a “voltage glitching” on the Trezor One and Trezor Model T Wallets, allowing them to extract “encrypted seeds”, which means they got access to what was supposed to be a very secure hardware. They’ve done this while only having physical access to the hardware for just 15 minutes.

Kraken first publicly announced the security flaw in October 2019, but Trezor was also made aware of the vulnerability beforehand. This vulnerability persists because it is inherent to microcontroller inside Trezor wallets. “The only fix is to put out a new device,” said Kraken Chief Security Officer Nick Percoco.

In a tweet, Trezor responded and said that it is not possible for an attack to happen remotely to the hardware. The attacker must have physical access to the device for them to be able to do it. Additionally, it will not work if users turned on their BIP 39 passphrase.

Some, including Percoco are saying the Passphrase feature must not be optional. Of course, the other is that only the owner of the Trezor should have access to the device.

Source: Kraken via The Block Crypto

This article is published on BitPinas:Ā Kraken Finds Trezor Hardware Wallet Vulnerability


Please share and grow the BitPinas community.

Join and subscribe to stay up to date
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Michael Mislos

A business ad graduate from the Pamantasan ng Lungsod ng Maynila, Mike is the website manager of Bitpinas.com. He is responsible for almost every content you see on the site, from topic/news selection to editing of articles. Mike believes correct information about blockchain and cryptocurrency can empower people to make accurate decisions about the industry, which, in turn, should deter bad actors from taking advantage of crypto & blockchain. [Telegram @mikemislos]

Michael Mislos
shares