Experts told about Trezor hardware cryptocurrency wallet hack

Author: Robert Strickland (crypto-journalist)

Experts have demonstrated a hack of the Trezor hardware crypto wallet using a vulnerability that became known 3 years ago
The Unciphered team gained access to the device's private keys by exploiting a vulnerability that became known 3 years ago

Cryptocurrency recovery company Unciphered has found a way to physically hack Trezor's popular Trezor T hardware cryptocurrency wallet, CoinDesk reports.

The experts said they used an "incorrigible hardware vulnerability in the STM32 chip," which allowed them to reset the device. Unciphered filmed a video demonstration of the Trezor T wallet hack, provided by the publication, and obtained the seed phrase (password) and PIN code.

Trezor said it could not comment on the Unciphered hack because it did not know the details. But the wallet maker noted that it had already publicly flagged a similar vulnerability as a risk three years ago, and that exploiting it requires physical theft of the device and "extremely sophisticated technological knowledge and state-of-the-art equipment."

In addition, Trezor said their devices could be protected with another password, rendering the exploited vulnerability useless.

Unciphered said it would not disclose details of the hack because doing so could put wallet users at risk, at least until new security measures are in place, such as using a different chip than the STM32.

Unciphered noted that Trezor is aware of the chip vulnerability but has done nothing to fix it, and that reporting the risk is just an attempt to shift responsibility for protecting the device onto the customer.

Trezor insists that it has already taken significant steps to address the issue by developing new secure elements for its devices.

The topic of hardware wallet security is in the spotlight today because Ledger, the largest manufacturer of such devices, recently caused a scandal when it presented its Ledger Recover password recovery feature.

The new service involved third parties storing fragments of the crypto-wallet password, which angered users who believe that only the owner of the device should have access to sensitive data.

In public discussions about the Ledger Recover service, it emerged that the manufacturer had always been able to gain access to customers' private keys, and that authorities could require companies storing passwords for cryptocurrencies connected to Ledger Recover to disclose this information.

Ledger has delayed implementing the feature because of the scandal, promising to publish its code to publicly show its level of security.
