Kraken Security Labs has identified a critical security issue in Trezor hardware wallets which enables seeds to be extracted from the devices.
Kraken Finds Flaw in Trezor Wallets
Kraken researchers claim they were able to access Trezor One and T wallet keys by manipulating the voltage in the micro-controller. These hardware components hold vital information, such as seeds, yet are not designed for such purposes. This vulnerability has been understood for some time, and has also been discovered on other hardware wallets.
To exploit this bug, an attacker needs access to the physical device, which limits the seriousness of this threat. Nevertheless, devices designed to crack Trezor wallets using this procedure could easily be made. Overall, the team stated that it only takes 15 minutes to exploit this flaw using specialized equipment.
The Trezor team, however, is already aware of this problem, and were quick to publish a response to Kraken’s findings today. Although this is not the first vulnerability found on Trezor devices, fixing it will likely require a complete hardware redesign.
Wallet Security Remains A Serious Challenge For The Crypto Space
The ability to securely store blockchain assets is an ongoing challenge. Expert opinions differ on the best methods, yet most agree that hardware wallets, kept offline, are the safest means to prevent theft.
There are, of course many quality software wallets available. However, these also come with risks. Of particular concern is desktop wallets, which have been proven to be vulnerable to keyloggers and malware.
To help resolve this issue, crypto custody services such as Baakt and Gemini are now emerging, often with insurance against loss and independent auditing to ensure proper handling of crypto assets. Nevertheless, these services often charge high fees and have drawn the ire of many crypto purists who see them as unnecessary.
Trezor has developed a good reputation for producing quality equipment, and its hardware wallets are in high demand. Thus, it is all but certain that the company will take this current issue very seriously, and find a solution.
It is also worth noting that there are no known cases of crypto theft due to exploiting hardware wallet flaws. Also, the vast majority of cryptocurrency theft is due to user error. If handled properly hardware wallets are extremely secure, and are routinely updated as blockchain technology advances.
What do you think about the latest security flaws found in Trezor wallets? Add your thoughts below!
Images via Amazon Stock Image The post appeared first on Bitcoinist.com. origin »
Специалисты Kraken Security Labs сообщили, что нашли критическую уязвимость в аппаратных кошельках Trezor, открывающую возможность извлечения seed-фразы в течение 15 минут. 🚨It took Kraken Security Labs just 15 minutes to hack both of @trezor’s crypto hardware wallets.
In shocking news, cryptocurrency exchange Kraken’s Security Labs announced that they were able to find a “critical flaw” in Trezor hardware wallets. Kraken Security Labs announced on Friday that they have devised a way to extract seeds from both crypto hardware wallets of Trezor One and Trezor Model T.
The security research team at Kraken has found a way to hack into the popular Trezor bitcoin hardware wallet. In merely 15 minutes with physical access to the device, the team extracted seeds from the wallet.
Руководитель Kraken отметил лучшие примеры для хранения криптовалюты, после взлома Cryptopia, среди которых хранение в холодных кошельках. По словам генерального директора Kraken, Джесси Пауэлла, пользователям не нужно держать больше криптовалюты на биржах, чем может понадобится для активной торговли.
Генеральный директор криптобиржи Kraken Джесси Пауэлл после недавней атаки на платформу Cryptopia призвал инвесторов перевести свои средства на аппаратные кошельки для их автономного хранения. Соответствующее предложение глава торговой площадки разместил на своей странице в Твиттере.
Trezor’s latest hardware wallets feature secure elements but are still vulnerable to attacks targeting their microcontrollers, Ledger claims. In the constantly shifting world of crypto security, even the most advanced hardware wallets aren’t immune to emerging threats. Now, cybersecurity experts…
Amidst the buzz and excitement of the Bitcoin community, the occasional headline of an exchange getting hacked makes every Bitcoin user’s stomach churn. One of the biggest concerns many of us have is getting our Bitcoin and other cryptos snatched right underneath our noses by hackers.
Trezor will end coinjoin feature by June as its partner zkSNACKs discontinues the service amid regulatory hurdles.
The post Trezor to end privacy-enhancing coinjoin feature as Wasabi Wallet steps back appeared first on Crypto Briefing.
Cybersecurity researchers have identified a new phishing toolkit dubbed CryptoChameleon, which targets employees of Coinbase, Binance, Gemini, and Kraken. A phishing campaign employing a new toolkit dubbed CryptoChameleon has emerged, targeting Federal Communications Commission (FCC) employees as well as staff…
