Are Trezor wallets no longer secure? In just 15 minutes, hackers can steal private keys through physical access

According to Cointelegraph reported on February 1, Kraken Security Labs recently announced that Trezor hardware wallets and their derivatives can be used to steal private keys. Although the entire theft process is quite complicated, Kraken claims that hackers "simply perform physical access to the device in 15 minutes to succeed".

Studio shot.

(Image source: flickr )

This attack requires physical intervention in the Trezor wallet by extracting its chip and placing it on a special device, or soldering several key connectors.

The Trezor chip must then be connected to a "faulty device" that sends a signal to it at a specific moment. The device broke the Trezor chip's built-in protection that prevented external devices from reading its memory. This process allows an attacker to read key wallet parameters, including the private key seed. Although the private key seed was encrypted with a key generated by a PIN, the researchers cracked the password within two minutes.

The vulnerability was caused by Trezor's use of specific hardware, and the company may not be able to easily fix the hardware issue. It requires the company to completely redesign the wallet and recall all existing models.

At the same time, Kraken Labs urged users of Trezor and KeepKey not to let anyone easily get their own hardware wallet.

Trezor responded to the matter, and the team believes that the probability of this vulnerability being exploited by hackers is not high. The company argues that the attack will show clear signs of tampering as hackers need to turn on the device, while also pointing out that the attack requires extremely specialized hardware to perform.

The Kraken research team finally recommended that users activate the wallet's passphrase (a double private key set by the user) to avoid such attacks. The passphrase is not stored on the device, it is a dynamically generated private key. Although researchers consider passphrase "complicated in practice," Kraken notes that this is a viable option.

If users want to set a passphrase, they need to make it complicated enough to not be easily cracked by force. If the user forgets it, they will never be able to access the cryptocurrency in the wallet.

Cointelegraph contacted Kraken Labs for more details, but no response has been received as of press time.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

The new pattern of staking: exchanges enter the market to explore the boundary, the pledge amount of service providers is not proportional to the income provided

Analyst | Carol Editor | Bi Tongtong | PANews At this time last year, Staking was all the rage, and many players &quo...

Blockchain

The coin was stolen for the first time, and the 7000BTC was missing.

On the morning of May 8, the world-renowned cryptocurrency exchange currency announced that the currency security was...

Market

Old-timers Leaving the Crypto Circle Some Get Married and Have Children, Some Start New Businesses

In the world of encryption, people come and go. Have you ever wondered where the people who have left the cryptocurre...

Blockchain

The money was not earned, and the head was almost bald: interview with the boss of the startup exchange

Currently, one of the most profitable industries in the cryptocurrency sector is the exchange. According to The Block...

Blockchain

Can the combination of decentralized derivative exchanges and account abstraction open up the next incremental entry point?

How much will the target audience expand if decentralized contract exchanges can be logged in using Google accounts?

Market

Exploring the evolution of the stablecoin market structure: Why can USDT always dominate the first place?

Stablecoin competition is an endless topic, as the industry struggles in its second decade, hoping that the market ca...