
Kraken Unearths Serious Blemish in Trezor Hardware Wallets

Kraken Security Labs has devised a method to extract seeds from two crypto hardware wallets offered by Trezor: the Trezor One and the Trezor Model T. The attack requires 15 minutes of physical access to the device.

Digital assets exchange Kraken has published an explanation of how the attack works against the wallets. It exploits inherent flaws in the microcontroller used in the Trezor wallets. Hence, the Trezor team cannot fix this vulnerability without a hardware redesign.

Until a redesign is available, users are advised to take precautions against the attack: do not allow anyone physical access to the Trezor wallet, and enable the BIP39 Passphrase with the Trezor Client.
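Why the passphrase helps, as an added Python example that is not from the original article or from Trezor's code: BIP39 mixes the passphrase into the salt of the seed derivation, so the recovery words by themselves yield only the no-passphrase seed. The mnemonic is the constructed all-"abandon" phrase from the public BIP39 test vectors, and the function names are illustrative.

```python
import hashlib
import unicodedata

# Constructed sample input: the all-"abandon" phrase from the public BIP39
# test vectors. It must never hold real funds.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    The recovery words are the PBKDF2 password; the passphrase is only part
    of the salt, so it never has to be written next to the words.
    """
    def nfkd(text: str) -> bytes:
        return unicodedata.normalize("NFKD", text).encode("utf-8")

    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(mnemonic), b"mnemonic" + nfkd(passphrase), 2048, dklen=64
    )


def seed_fingerprints(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Short hex fingerprint of the seed each candidate passphrase yields."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


def demo() -> dict[str, str]:
    candidates = [
        "",              # no passphrase: the seed the recovery words alone give
        "TREZOR",        # passphrase from the public BIP39 test vectors
        "trezor",        # case differs: a different, equally valid wallet
        "TREZOR ",       # trailing space: different again, with no error raised
        "caf\u00e9",     # precomposed e-acute (NFC form)
        "cafe\u0301",    # e + combining accent (NFD form): same seed after NFKD
    ]
    return seed_fingerprints(SAMPLE_MNEMONIC, candidates)


if __name__ == "__main__":
    for phrase, fingerprint in demo().items():
        print(f"{phrase!r:12} -> {fingerprint}")
```

Every passphrase maps to a valid seed, so a mistyped one opens a different, empty wallet instead of failing; the protection is only as strong as the passphrase is hard to guess.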

The latest attack is similar to the one against the KeepKey wallet, since that wallet is a derivative. All of these devices rely on the same family of chips. Trezor has known about these flaws since it designed the wallets.

Technical Details  

The chips are not designed to store secrets. Thus, vendors like KeepKey and Trezor should not rely on them alone to secure cryptocurrencies. Pavol Rusnak, CTO of SatoshiLabs, commented:

“We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.”

Kraken Security Labs disclosed the full details of the attack to the Trezor team on October 30, 2019. The vulnerability was made public to enable the crypto community to protect themselves as the Trezor team continues to search for a viable solution.

Extracting seeds from Trezor wallets is not new territory. Trezor has previously implemented many mitigations against different hardware attacks, including successful mitigations against the glitching attacks made public during the Wallet.Fail talk at the 35th Chaos Communication Congress.

The latest attack builds upon that research to bypass the mitigations. Cybersecurity is essential, especially in this digital revolution, so efforts like Kraken’s are welcome as a way to thwart attackers before they act.

Cryptocurrency News Aggregator Cryptocontrol.io contributed to this story.
