Kraken Security Labs has identified a critical security issue in Trezor hardware wallets which enables seeds to be extracted from the devices.
Kraken Finds Flaw in Trezor Wallets
Kraken researchers claim they were able to access Trezor One and T wallet keys by manipulating the voltage in the micro-controller. These hardware components hold vital information, such as seeds, yet are not designed for such purposes. This vulnerability has been understood for some time, and has also been discovered on other hardware wallets.
To exploit this bug, an attacker needs access to the physical device, which limits the seriousness of this threat. Nevertheless, devices designed to crack Trezor wallets using this procedure could easily be made. Overall, the team stated that it only takes 15 minutes to exploit this flaw using specialized equipment.
The Trezor team, however, is already aware of this problem, and were quick to publish a response to Kraken’s findings today. Although this is not the first vulnerability found on Trezor devices, fixing it will likely require a complete hardware redesign.
Wallet Security Remains A Serious Challenge For The Crypto Space
The ability to securely store blockchain assets is an ongoing challenge. Expert opinions differ on the best methods, yet most agree that hardware wallets, kept offline, are the safest means to prevent theft.
There are, of course many quality software wallets available. However, these also come with risks. Of particular concern is desktop wallets, which have been proven to be vulnerable to keyloggers and malware.
To help resolve this issue, crypto custody services such as Baakt and Gemini are now emerging, often with insurance against loss and independent auditing to ensure proper handling of crypto assets. Nevertheless, these services often charge high fees and have drawn the ire of many crypto purists who see them as unnecessary.
Trezor has developed a good reputation for producing quality equipment, and its hardware wallets are in high demand. Thus, it is all but certain that the company will take this current issue very seriously, and find a solution.
It is also worth noting that there are no known cases of crypto theft due to exploiting hardware wallet flaws. Also, the vast majority of cryptocurrency theft is due to user error. If handled properly hardware wallets are extremely secure, and are routinely updated as blockchain technology advances.
What do you think about the latest security flaws found in Trezor wallets? Add your thoughts below!
Images via Amazon Stock Image