Trezor responds to wallet vulnerabilities, attackers need physical equipment to steal cryptocurrencies

Kraken Security Labs has disclosed an important flaw in Trezor hardware wallets. More specifically, this flaw is specific to Trezor One and Trezor Model T. Fearfully, the security team successfully exploited this flaw in just 15 minutes. Kraken advises users of Trezor hardware wallets not to give their wallets to strangers. In addition, users should enable their BIP39 password.

wallet

In this regard, the Kraken security team has published an article and a corresponding video over the past few hours showing how the Trezor hardware wallet was compromised.

"This attack relies on voltage faults to extract the crypto seed. This preliminary research requires some expertise and several hundred dollars of equipment, but we estimate that we (or criminals) can mass produce a consumer-friendly faulty device For about $ 75. "

"Then we cracked the encryption seed, which was protected by a 1-9 digit password, but was trivial for brute force cracking."

The Kraken team noted that these attacks were due to "flaws in the microcontroller itself." This means that Trezor can do nothing without redesigning the hardware.

Other security companies such as Ledger Donjon and Trezor knew the problem themselves, but Kraken was the first to make it public.

Trezor responded that the attacker could indeed tamper with the user's device. They further stated that this would be visible, meaning that an attacker would have to open the physical case to access the device's STM32 microchip. Like Kraken said, they recommend that you keep your device away from strangers.

In Binance's December 2018 security survey, fewer than 6% of respondents were concerned about physical attacks. Trezor said that although very few people focus on physical attacks, they take them very seriously.

When using pass phrases, Trezor recommends that you ask yourself some questions before continuing. These questions cannot be answered by the hardware wallet manufacturer, and if users think it is necessary, they should choose to enable the pass phrase function.

"Can you create a secure and easy-to-remember password? Does anyone know how much bitcoin you hold? Will the amount of bitcoin you hold make you a valuable target?"

The main advantage of a passphrase is that it is not stored anywhere on the device and therefore cannot be retrieved by a third party. At the same time, this also brings a risk: if you lose or forget your password, no one can help you retrieve it.

For cryptocurrency holders, a physical hardware wallet is one of the best options for protecting cryptocurrencies. That's because online wallets are likely to show their flaws to millions of people around the world via the Internet. The vulnerability of some Trezor models shows that hardware wallets are not the final answer, and cryptocurrency holders still need to be cautious.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

After carrying a huge debt and shutting down TradeBlock, the former crypto empire DCG is now struggling for survival with one arm.

As the liquidity crisis in encryption erupted, the market declined, and the previous blind expansion and investment h...

Blockchain

How to establish a compliant cryptocurrency exchange following the consecutive lawsuits against Binance and Coinbase?

Let's talk about the SEC's charges against Coinbase, which won't surprise any lawyer practicing in the United States ...

Blockchain

The real life of the owner of the exchange: the horror of the thief, the night can not linger

Xu Mingxing once dreamed that someone had kidnapped him and asked him to hand over Bitcoin. Awakened in his dream, he...

Blockchain

EN: Binance has requested "Binance Nigeria Limited" to cease operations.

CEO of Binance, CZ, announced on Twitter that Binance has issued a notice to the scam entity "Binance Nigeria Limited...

Blockchain

After launching an upgraded application, OKX Hong Kong has recorded over 10,000 new user registrations within a month.

OKX is the first exchange in Hong Kong to announce this milestone since the new Virtual Asset Service Provider (VASP)...

Blockchain

The second "uprising" of the exchange

After the seventy-four events of the 17th year and the baptism of the bull market at the end of the year, the three m...