Kraken Unearths Serious Blemish in Trezor Hardware Wallets

Kraken Security Labs has devised a way to extract seeds from two hardware wallets offered by Trezor: the Trezor One and the Trezor Model T. The attack requires 15 minutes of physical access to the device.

Digital assets exchange Kraken has published an explanation of how the attack works. It exploits inherent flaws in the microcontroller used in the Trezor wallets, so the Trezor team cannot fix the vulnerability without a hardware redesign.

Until a redesign is available, users are advised to take precautions to protect themselves against the attack. They should not allow anyone physical access to their Trezor wallet, and they should enable the BIP39 Passphrase with the Trezor Client.

The latest attack is similar to the one against the KeepKey wallet, since the KeepKey is a derivative and all of these devices rely on the same family of chips. Trezor has known about these flaws since it designed the wallets.
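Why the BIP39 passphrase advice helps, as an added example that is not from Kraken or Trezor: BIP39 mixes the passphrase into the key derivation as salt, so the recovery words alone derive a different wallet. The sample phrase is the public all-"abandon" test phrase, and treating the secret recovered from the device as the recovery words is an assumption of this sketch.

```python
import hashlib
import unicodedata

# Constructed sample input: the public BIP39 test phrase, never a real wallet.
EXTRACTED_WORDS = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic)
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def seed_id(seed: bytes) -> str:
    """Short fingerprint so seeds can be compared without printing them."""
    return hashlib.sha256(seed).hexdigest()[:16]


def exposure(mnemonic: str, passphrase: str) -> dict:
    """Compare the wallet the words alone open with the passphrase wallet."""
    bare = bip39_seed(mnemonic)
    protected = bip39_seed(mnemonic, passphrase)
    return {
        "words_only": seed_id(bare),
        "with_passphrase": seed_id(protected),
        # True only when no passphrase is set: the words are then sufficient.
        "words_alone_sufficient": bare == protected,
    }


if __name__ == "__main__":
    # Hypothetical passphrases, chosen for illustration only.
    for label, phrase in [("no passphrase", ""), ("passphrase set", "TREZOR")]:
        print(label, exposure(EXTRACTED_WORDS, phrase))
    # NFKD normalization: composed and decomposed "é" derive the same seed,
    # so the passphrase survives a change of keyboard or input method.
    same = bip39_seed(EXTRACTED_WORDS, "caf\u00e9") == bip39_seed(
        EXTRACTED_WORDS, "cafe\u0301"
    )
    print("unicode forms agree:", same)
```

With an empty passphrase the two fingerprints match, which is the unprotected case the advice is meant to close.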

Technical Details  

The chips are not designed to store secrets, so vendors like KeepKey and Trezor should not rely on them alone to secure cryptocurrencies. Pavol Rusnak, CTO of SatoshiLabs, commented:

“We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.”

Kraken Security Labs disclosed the full details of the attack to the Trezor team on October 30, 2019. The vulnerability was made public to enable the crypto community to protect themselves as the Trezor team continues to search for a viable solution.

Extracting seeds from Trezor wallets is not new territory. Trezor has previously implemented many mitigations against different hardware attacks, including successful mitigations against the glitching attacks made public during the Wallet.Fail talk at the 35th Chaos Communication Congress.

The latest attack builds on that research to bypass the mitigations. Cybersecurity is essential, especially in this digital revolution, so efforts like Kraken’s are welcome because they help ensure that hackers’ efforts are thwarted before they are launched.

Cryptocurrency News Aggregator Cryptocontrol.io contributed to this story.
