Are Trezor wallets no longer secure? In just 15 minutes, hackers can steal private keys through physical access

Cointelegraph reported on February 1 that Kraken Security Labs recently announced that private keys can be stolen from Trezor hardware wallets and their derivatives. Although the theft process as a whole is quite complicated, Kraken claims that hackers "simply perform physical access to the device in 15 minutes to succeed".

The attack requires physically tampering with the Trezor wallet, either by extracting its chip and placing it on a special device or by soldering onto several key connectors.

The Trezor chip must then be connected to a "faulty device" that sends a signal to it at a specific moment. This breaks the chip's built-in protection, which normally prevents external devices from reading its memory. The attacker can then read key wallet parameters, including the private key seed. Although the private key seed was encrypted with a key generated from a PIN, the researchers cracked the password within two minutes.

The vulnerability is caused by the specific hardware Trezor uses, and the company may not be able to fix the hardware issue easily. A fix would require the company to completely redesign the wallet and recall all existing models.

At the same time, Kraken Labs urged Trezor and KeepKey users not to let anyone gain physical access to their hardware wallets.

Trezor responded to the matter, and the team believes that the probability of this vulnerability being exploited by hackers is not high. The company argues that the attack would leave clear signs of tampering because hackers need to open the device, and it also points out that the attack requires extremely specialized hardware.

Finally, the Kraken research team recommended that users activate the wallet's passphrase (a double private key set by the user) to avoid such attacks. The passphrase is not stored on the device; it is a dynamically generated private key. Although the researchers consider the passphrase "complicated in practice," Kraken notes that this is a viable option.

Users who set a passphrase need to make it complex enough that it cannot easily be brute-forced. If they forget it, they will never be able to access the cryptocurrency in the wallet.
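
Why a passphrase helps against a memory readout, and how its strength compares with a short PIN, as an added example that is not from the article or from Trezor's or Kraken's code. It assumes the wallet derives its seed as specified in BIP-39 (a standard the article does not name); the mnemonic, passphrase, guess rate and candidate secrets are constructed for illustration.

```python
import hashlib
import math
import unicodedata

# Constructed sample: the public BIP-39 test phrase. Never use it for real funds.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

def _nfkd(text: str) -> bytes:
    return unicodedata.normalize("NFKD", text).encode("utf-8")

def derive_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), _nfkd("mnemonic" + passphrase), 2048, dklen=64
    )

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a secret whose symbols are chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # What is stored on the device yields only the passphrase-less wallet.
    stored = derive_seed(SAMPLE_MNEMONIC)
    hidden = derive_seed(SAMPLE_MNEMONIC, "constructed example passphrase")
    print("no passphrase :", stored.hex()[:16], "...")
    print("passphrase    :", hidden.hex()[:16], "...")

    rate = 1e6  # assumed guesses per second, for illustration only
    candidates = {
        "4-digit PIN": entropy_bits(4, 10),
        "8 random lowercase letters": entropy_bits(8, 26),
        "6 random words from a 7776-word list": entropy_bits(6, 7776),
    }
    for label, bits in candidates.items():
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.3g} years")
```

The two printed seeds differ, so data read from the device opens only the wallet without a passphrase; the wallet protected by the passphrase remains as strong as the passphrase itself.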

Cointelegraph contacted Kraken Labs for more details, but no response has been received as of press time.
