Are Trezor wallets no longer secure? In just 15 minutes, hackers can steal private keys through physical access

According to Cointelegraph reported on February 1, Kraken Security Labs recently announced that Trezor hardware wallets and their derivatives can be used to steal private keys. Although the entire theft process is quite complicated, Kraken claims that hackers "simply perform physical access to the device in 15 minutes to succeed".

Studio shot.

(Image source: flickr )

This attack requires physical intervention in the Trezor wallet by extracting its chip and placing it on a special device, or soldering several key connectors.

The Trezor chip must then be connected to a "faulty device" that sends a signal to it at a specific moment. The device broke the Trezor chip's built-in protection that prevented external devices from reading its memory. This process allows an attacker to read key wallet parameters, including the private key seed. Although the private key seed was encrypted with a key generated by a PIN, the researchers cracked the password within two minutes.

The vulnerability was caused by Trezor's use of specific hardware, and the company may not be able to easily fix the hardware issue. It requires the company to completely redesign the wallet and recall all existing models.

At the same time, Kraken Labs urged users of Trezor and KeepKey not to let anyone easily get their own hardware wallet.

Trezor responded to the matter, and the team believes that the probability of this vulnerability being exploited by hackers is not high. The company argues that the attack will show clear signs of tampering as hackers need to turn on the device, while also pointing out that the attack requires extremely specialized hardware to perform.

The Kraken research team finally recommended that users activate the wallet's passphrase (a double private key set by the user) to avoid such attacks. The passphrase is not stored on the device, it is a dynamically generated private key. Although researchers consider passphrase "complicated in practice," Kraken notes that this is a viable option.

If users want to set a passphrase, they need to make it complicated enough to not be easily cracked by force. If the user forgets it, they will never be able to access the cryptocurrency in the wallet.

Cointelegraph contacted Kraken Labs for more details, but no response has been received as of press time.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

Getting Started | What is an aggregate transaction? What are the operating principles and advantages?

Recently, the concept of aggregate transactions has been repeatedly mentioned, how is aggregated trading realized? Wh...

Blockchain

FTX Founder SBF The Astonishing Fall of the Former Cryptocurrency King

In the development process of a new technology, there will always be a moment when the hype is so common that it is t...

Blockchain

The first in the industry! US cryptocurrency exchange INX seeks IPO listing

The cryptocurrency exchange attempted to raise funds through IPOs rather than ICOs, and INX was the first. On August ...

Blockchain

Clear out while the time is right? FTX and Alameda-related addresses recently transferred $30 million worth of assets.

In September, FTX was approved for liquidation and has been frequently withdrawing large amounts of assets in the pas...

Opinion

Amazon's participation and the skyrocketing value of AI company Anthropic become FTX's biggest hope of repaying the debt?

FTX previously invested $500 million as a lead investor in Anthropic's Series B financing round, so the expected appr...

Blockchain

Coinbase becomes Tezos' largest verification node, will it be a new trend for exchanges?

Original: Cryptopotato , original author: Jordan Lyanchev Source: Odaily Planet Daily, Translator: Yu Shunsui Accordi...