Kraken: Keepkey Crypto Hardware Wallet Has an Alarming Flaw

Kraken: Keepkey Crypto Hardware Wallet Has an Alarming Flaw
фото показано с : bitcoinist.com

2019-12-11 01:24

Crypto practitioners who depend on Keepkey hardware wallets to store their coins ought to take a pledge of not discussing it in public.

Kraken Warns Crypto Users

The warning appears on Kraken’s latest blog post wherein it discusses a serious flaw in all of the Keepkey hardware wallets. The US exchange’s security research wing claims that it has found a way to hack seeds from Keepkey wallets. In retrospective, a seed phrase is a string of random words that allows owners to recover their cryptocurrency wallets. That said, anybody with access to seeds could gain access to cryptocurrency funds stored on a wallet.

Kraken found that Keepkey devices have an issue related to their microcontrollers. The exchange noted that people with physical access to victims’ crypto wallets could use specialized hardware to read their encrypted seeds. For that, the attacker would also need to crack the wallets’ pin code through brute force.

The issue now resides in each one of the Keepkey wallets in circulation. The company cannot solve it until it decides to replace them all with patched devices.

“This,” wrote Kraken, “unfortunately means that it is difficult for the KeepKey team to do anything about this vulnerability without a hardware redesign.”

Not a New Problem

Keepkey rubbished Kraken’s findings based on its lack of relevance. The firm shared two articles discussing the same issue. One of them was penned by ShapeShift, which supports Keepkey as its premier wallet on its crypto-to-crypto exchange. The trading platform had written in June that Keepkey can protect clients’ funds from the most common attack vectors, such as viruses, malware, or remote hackers trying to steal private keys. Nevertheless, the firm is as helpless as any other wallet company when it comes to protecting clients’ devices from physical attacks.

“If somebody else has physical access to your device — as well as the time, skill, and tools necessary — they will always be able to command the device to do whatever they want, bypassing any digital lock that exists,” wrote ShapeShift. “Again, this is true of any hardware wallet.”

We have two blog posts on this topic: https://t.co/z0My6qIc9c and https://t.co/M2AU7QK2IH

— KeepKey (@cryptokeepkey) December 10, 2019

Keepkey rival, Ledger, had responded similarly to a malware issue affecting its Nano S wallets back in 2018. After DocDroid reported that attackers could game the Ledger software by replacing the copied receiver addresses with its own, the firm had responded by saying that the issue was universal. Excerpts:

Malware can always change what you see on your computer screen. The only solution is prevention and building a UX to make the user check on its device. The on-device verification feature has been added [six] month ago already.

Solution: Use Complex Passphrases

Charles Guillemet, the chief security officer at Ledger, demonstrated that hackers could guess Keepkey’s wallets’ passphrase in less than a minute by applying different combinations. Kraken reiterated the same evidence in its blog post, leading ShapeShift to write an eleven-step manual to fix the said problem.

Guillemet recommends using passphrases comprised of at least 32 digits made up of a unique combination of numbers, symbols, as well as upper and lower-case letters…With a sufficiently-long passphrase, if an attacker takes the data off your device, they’ll never be able to unlock it. Your PIN and your passphrase keep your funds — safe.

Overall, the issue reminded what doomsday economist Nouriel Roubini had complained about cryptocurrencies. He had noted that anybody with a gun can steal private keys of wallets holding multi-million dollars worth of bitcoin. More so, there was no way for the victim to get the stolen funds back since crypto transactions are irreversible.

By Q3 2019, the cryptocurrency industry lost about $4.4 billion to frauds and thefts, noted CipherTrace in its report. As of June, the amount was $1.1 billion.

What do you think of Kraken’s findings? Add your thoughts below!

Images via Shutterstock, Twitter @cryptokeepkey

The post Kraken: Keepkey Crypto Hardware Wallet Has an Alarming Flaw appeared first on Bitcoinist.com.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Kraken (KRAK) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 KRAK

kraken crypto hardware keepkey wallets flaw serious

kraken crypto → Результатов: 126


Фото:

Kraken купила платформу для торговли bitcoin-фьючерсами Crypto Facilities

Криптовалютная биржа Kraken приобрела регулируемую криптодеривативную торговую платформу Crypto Facilities. Сумма сделки не раскрывается, однако пресс-служба Kraken упомянула, что за покупку бирже пришлось отдать не менее $100 млн.

2019-2-5 14:56


Фото:

Kraken Crypto Trade, Community Impact Bloomberg Article on Tie ‘Red Flags’

Major crypto exchange Kraken has issued a scathing response to a recent Bloomberg article about stable cryptocurrency Tether (USDT) allegedly “defying logic” on Kraken’s platform. The article in question, titled “Crypto coin Tether defies logic on Kraken’s market, raising red flags,” was published on Bloomberg June 29, with comments and analysis from several academics and

2018-7-3 22:16


Фото:

Bloomberg Wakes Kraken: Good Fails To Come Of This

Just when you thought the ongoing tit-for-no-tat between the business media and the crypto pages couldn’t get any more entertaining, one of the smaller exchanges has returned fire. Kraken, which was accused by Bloomberg last week of rigging the Tether game, shot back with a blog post that unmasked the technical incompetence that is characteristic of many […] The post Bloomberg Wakes Kraken: Good Fails To Come Of This appeared first on Crypto Briefing.

2018-7-3 00:58