Experts describe Trezor hardware cryptocurrency wallet hack
Experts have demonstrated a hack of the Trezor hardware crypto wallet using a vulnerability that became known 3 years ago
The Unciphered team gained access to the device's private keys by exploiting a vulnerability that became known 3 years ago
Cryptocurrency recovery company Unciphered has found a way to physically hack Trezor's popular Trezor T hardware cryptocurrency wallet, CoinDesk reports.
The experts said they used an "incorrigible hardware vulnerability in the STM32 chip," which allowed them to reset the device. Unciphered filmed a video demonstration of the Trezor T wallet hack, provided by the publication, and obtained the seed phrase (password) and PIN code.
Trezor said it could not comment on the Unciphered hack because it did not know the details. But the wallet maker noted that it had already publicly flagged a similar vulnerability as a risk three years ago, and that it requires physical theft of the device and "extremely sophisticated technological knowledge and state-of-the-art equipment."
In addition, Trezor said their devices could be protected with another password, rendering the exploited vulnerability useless.
Unciphered said it would not disclose details of the hack because doing so could put wallet users at risk, at least until new security measures are in place, such as using a different chip than the STM32.
Unciphered noted that Trezor is aware of the chip vulnerability but has done nothing to fix it, and that reporting the risk is just an attempt to shift the responsibility for protecting the device to the customer.
Trezor insists that it has already taken significant steps to address the issue by developing new secure elements for its devices.
The topic of hardware wallet security is in the spotlight today because Ledger, the largest manufacturer of such devices, recently caused a scandal when it presented its Ledger Recover password recovery feature.
The new service involved third parties storing fragments of the crypto wallet password, which angered users who believe that only the owner of the device should have access to sensitive data.
In public discussions about the Ledger Recover service, it emerged that the manufacturer had always been able to gain access to customers' private keys and that authorities could require companies storing passwords for cryptocurrency wallets connected to Ledger Recover to disclose this information.
Ledger has delayed implementing the feature because of the scandal, promising to make its code public to demonstrate its security.