Kraken Has Hacked Trezor's Hardware Wallet

Kraken has bad news for those who like Trezor. It has revealed that it had no problem hacking the company’s hardware wallet.

Great news for those who love hacking and stealing money. Trezor’s wallet is vulnerable, according to Kraken Security Labs. 

In its official blog, Kraken Security Labs said that it “devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T.”

It took the white hackers just 15 minutes to penetrate the device. And they decided to share the details of how they performed the attack.

To begin with, the attack “relies on voltage glitching to extract an encrypted seed.” According to the Lab, this approach requires specific knowledge and relatively expensive equipment which costs several hundreds of dollars. However, it’s possible to produce “a consumer-friendly glitching device that could be sold for about $75.”

Then, the white hackers explain, they cracked the encrypted seed. The PIN that protects it has 1-9 digits. But for an experienced hacker, it’s nothing.

Besides, according to the Lab, “the attack takes advantage of inherent flaws within the microcontroller used in the Trezor wallets.”

This doesn’t augur well at all for the Trezor team. Because in order to address the problem, the team must redesign the hardware.

What do I do now?

Here’s what you can do to avoid trouble. First, don’t allow anyone physical access to your Trezor wallet. The company warns that because of this you could lose your crypto.

Besides, the company recommends to “Enable Your BIP39 Passphrase with the Trezor Client.

Even though this passphrase is “clunky,” it’s still a viable option. Primarily because it “is not stored on the device and therefore is a protection that prevents this attack.”

Previous cases

Kraken Security Labs note that they’ve already done research on this regard. Specifically, against the KeepKey wallet. To remind, the KeepKey is a derivative and all devices rely on the same family of chips.

The white hackers also add that Trezor has known that its wallets are not fully safe. Even in the inception stage. The company also notes that other teams, including Ledger Donjon, had already proved it, but they never revealed the details.

Lastly, Kraken Security Labs note that they’re working with the Trezor team “to coordinate this disclosure.” The team has also responded to the news in a separate article. In it, it emphasizes the need to use a passphrase. And calls it “an exceptionally secure layer of active protection.” 

Yet, there are a few things to keep in mind. And before you start using the passphrase, ask yourself these questions: “Are you able to create a strong and memorable passphrase? Does anyone know how many bitcoins do you have? Do you possess enough bitcoins to become a worthy target?”

Remember, only you can answer these questions. And only you can do your own research when choosing the best wallet for storing your crypto. Be careful with what companies promise you and don’t trust everything you read.

Previously, Altcoin Buzz covered Bitmex’s big mess.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.