- Kraken disclosed hardware flaws in both the flagship products of Trezor - Trezor One and Trezor Model T.
- Though it took less time, the hack wasn’t “easy” as it needed about 15 minutes of "physical access" to the device and a few specialized equipments.
Crypto exchange Kraken’s cybersecurity division has disclosed a hardware flaw in both the flagship products of Trezor - Trezor One and Trezor Model T. In a blog post, the exchange said that it took them just 15 minutes to hack both the wallets. They did admit that the process wasn’t “easy” because the described method needed about 15 minutes of "physical access" to the device and a few specialized equipments.
The exchange said that it used voltage glitching to extract the encrypted seed from all the devices. The blog post noted that after extracting the seed, it brute-forced the encryption, which was trivially easy to do. The attack took advantage of "inherent flaws within the microcontroller used in the Trezor wallets." According to Kraken, Trezor's team will have a tough time resolving this issue "without a hardware redesign."
The exchange spent hundreds of dollars on equipment to carry out the hack but figured such a device could be sold for $75 if mass-produced. Kraken has contacted Trezor about this vulnerability. Pavol Rusnak, CTO of Trezor developer SatoshiLabs, reportedly said:
We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.
Kraken Security Labs claims to "try to discover attacks against the crypto community before the bad guys do" and having "responsibly disclosed the full details of this attack to the Trezor team on October 30, 2019." The reason to go public with this issue is cited as "so that the crypto community can protect themselves before a fix is released by the Trezor team."
Trezor responded to this, stating that device holders must use strong passphrases to keep their devices secure. In a blog post, Trezor said:
Over the six years of existence of SatoshiLabs, we have dedicated a majority of our resources into mitigating remote attacks, and we have designed devices that are fully resistant to all online threats. We always knew that all hardware is hackable and the question about physical attacks is not if they will happen, but when they will happen.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.
Latest Crypto News & Analysis
Editors’ Picks
Bitcoin affected by Chinese coronavirus and the sell-off on the financial markets
Bitcoin jumped to a new 2020 high during early Asian hours. The first digital coin touched $9,614 level before retreating below $9,400.
XRP/USD needs to regain ground above $0.2500 as soon as possible
Ripple's XRP, the third-largest digital asset by market value is changing hands at $0.2488. The coin has gained nearly 5% in recent 24 hours and lost 2%since the beginning of the day.
ETC/USD resumes the upside after hash rate increase
Ethereum Classic (ETC) has gained nearly 6% in recent 24 hours to trade at $12.08. The coin hit the recent high at $12.86 on January 29 and has been range-bound with bearish bias ever since.
LTC/USD needs to stay above $70.00 to retain bullish bias
Litecoin (LTC) has settled above $70.00 after hitting the recent high at $73.35. While the coin has retreated from Sunday's top, it is still over 2% higher on a day-to-day basis. Litecoin now takes 7th place in the global cryptocurrency rating with a market value of $4.5 billion.
Bitcoin Weekly Forecast: Faces a brick wall at $9,300
The cryptocurrency market has been on recovery mode during the last week of January. Bitcoin and all major altcoin finished the month in a green zone, with some of them posting triple-digit gains.