Kraken Finds Critical Flaw in Trezor Wallet That Will Be Very Difficult to Fix

News
Fri, 01/31/2020 - 15:59
Alex Dovbnya
Kraken discovers a dangerous vulnerability in Trezor hardware wallets that would allow attackers to steal crypto in practically no time
Cover image via 123rf.com
Contents

Kraken Security Labs has discovered a critical flaw in Trezor hardware wallets that would allow bad actors to extract an encrypted seed phrase.

Unfortunately for Trezor, this vulnerability cannot be fixed with a software upgrade.

Related
Crypto Wallet Trezor Warns About Telegram Scammers Who Impersonate Its Team Members

It takes only 15 minutes

The Kraken team has determined that one only needs 15 minutes of physical access to the wallet in order to get the seed phrase. This is achieved by attacking its microcontroller through voltage glitching.   

The budget constraints are minimal — a mass-produced glitching device could only cost around 75 dollars. 

Both Trezor T and Trezor One models are susceptible to such attacks.

This flaw is hard to fix

Since the problem lies with the microcontroller of Trezor wallets, there is hardly anything that the Trezor team can do without completely redesigning its product. 

The only surefire way for Trezor owners to protect their coins is to keep their wallets as far as possible from attackers since this vulnerability cannot be exploited remotely. Another possible solution is to enable a BIP39 phrase for encrypting the seed.

About the author

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience of covering everything related to the burgeoning industry — from price analysis to Blockchain disruption. Alex authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He’s particularly interested in regulatory trends around the globe that are shaping the future of digital assets, can be contacted at alex.dovbnya@u.today.


This site uses cookies for different purposes. Please set your preferences in Cookie Settings and visit our Cookie policy for more information on how and why cookies are used on this site. Click here for cookie policy

Cookie settings