The cybersecurity wing of crypto exchange Kraken was able to hack Trezor’s bitcoin hardware wallets in just 15 minutes.
According to a blog post published Jan. 31, it took Kraken Security Labs fifteen minutes to hack both of Trezor’s flagship hardware wallets, the Trezor One and Model T.
🚨It took Kraken Security Labs just 15 minutes to hack both of @trezor’s crypto hardware wallets.
Here’s how we did it and what it means if you’re a user: https://t.co/5betNtDnD0
— Kraken Exchange (@krakenfx) January 31, 2020
The post identifies a “critical flaw” in Trezor’s products, which allowed the security team to extract seeds from both models of the hardware wallets. The attack required 15 minutes of physical access to the device, which leaves users who lose or misplace their wallet exposed.
The post reads:
“This attack relies on voltage glitching to extract an encrypted seed. This initial research required some know-how and several hundred dollars of equipment, but we estimate that we (or criminals) could mass produce a consumer-friendly glitching device that could be sold for about $75.”
From there, the security team was able to crack the encrypted seed, which uses a 1-9 digit PIN, using a typical brute-force method.
Kraken claims it will be difficult for Trezor to fix the flaw, given the attack relies upon a hardware vulnerability:
“The attack takes advantage of inherent flaws within the microcontroller used in the Trezor wallets. This unfortunately means that it is difficult for the Trezor team to do anything about this vulnerability without a hardware redesign.”
Kraken cautions clients to avoid allowing anyone physical access to their wallet and to enable their BIP39 passphrase, which is stored outside of the device.
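The passphrase advice can be checked against the BIP39 seed derivation itself. This added example (not from Kraken's post or Trezor's code) shows that the passphrase is an input to the derivation, so recovery words taken from a device do not by themselves give the passphrase-protected wallet; the mnemonic and "TREZOR" passphrase are the public BIP39 test vector, and the ten-symbol PIN alphabet and 12-character passphrase are assumptions made for the comparison.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic; it must never hold real funds.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")

def _nfkd(text: str) -> bytes:
    # BIP39 normalizes both inputs to NFKD before encoding as UTF-8.
    return unicodedata.normalize("NFKD", text).encode("utf-8")

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the words, salted with
    "mnemonic" + passphrase, 2048 rounds, 64-byte output."""
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)

def keyspace(symbols: int, min_len: int, max_len: int) -> int:
    """Count every string of min_len..max_len characters over `symbols` symbols."""
    return sum(symbols ** n for n in range(min_len, max_len + 1))

def same_words_different_wallets(mnemonic: str, real: str, guess: str) -> bool:
    """True when a wrong passphrase guess yields a different seed, i.e. the
    recovery words alone do not identify the passphrase-protected wallet."""
    return bip39_seed(mnemonic, real) != bip39_seed(mnemonic, guess)

# Upper bound for a 1-9 digit PIN, assuming ten symbols per position
# (assumption; a keypad with fewer symbols shrinks this further).
PIN_CANDIDATES = keyspace(10, 1, 9)
# Constructed comparison: a 12-character passphrase over 62 alphanumerics.
PASSPHRASE_CANDIDATES = keyspace(62, 12, 12)

if __name__ == "__main__":
    print("seed, no passphrase:", bip39_seed(TEST_MNEMONIC).hex()[:16], "...")
    print("seed, 'TREZOR'     :", bip39_seed(TEST_MNEMONIC, "TREZOR").hex()[:16], "...")
    print("PIN candidates       :", PIN_CANDIDATES)
    print("passphrase candidates:", PASSPHRASE_CANDIDATES)
```

The passphrase only helps if it is long and unpredictable, since it is the remaining secret once the device contents are known.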