Specialists from Kraken Security Labs talked about critical vulnerability in the Trezor physical wallet
The independent laboratory of the popular cryptocurrency exchange Kraken on its blog published details of hacking the Trezor hardware wallet and provided complete information on how users can protect themselves from theft of funds. According to the data, experts from Kraken Security Labs managed to break into the Trezor physical storage in 15 minutes. In particular, the hack was tested on the Trezor One and Trezor Model T models, which were provided to specialists for examination. According to the Kraken team, this is the first time they have revealed the details of a phased wallet hack.
Kraken Security Labs clarified that it is possible to steal funds from the storage only with physical contact – the wallet is reliably protected by Passphrase from remote hacking. Based on this, only 6-9% of users who are not careful enough and do not store the hardware device in a safe place can suffer. Physical access attacks are not widespread, however, wallet owners can protect themselves by using the manual posted on the laboratory’s official blog.
Despite the existing threat, it is not so easy to crack a cryptocurrency exchange wallet. In addition to physical access, the attacker will have to purchase a special device that causes a system crash when the chip is connected and will cost $ 75. A Trezor representative noted that the developers are aware of this vulnerability, but will not be able to solve it with a software updаte – the defect is in the device itself, which needs to be replaced with a revised wallet model. In addition, Trezor management hastened to reassure its customers, guaranteeing complete security when performing transactions on cryptocurrency exchange sites.
Among other things, Kraken Security Labs reports that with the help of third-party equipment, attackers can crack a mnemonic phrase (or seed-phrase), which stores information that allows you to restore your wallet. A key is generated from such phrases, which provides access to the repository. Unscrupulous users and bitcoin cryptocurrency exchangers will not be able to harm the owners of such wallets in any way; in addition, experts said that in the event of a hacking of the carrier, traces will remain – the scammer will not succeed in cranking the theft of funds during physical contact without using brute force. Therefore, both Kraken and Trezor advise not to worry those who have such a device, but those who have not yet purchased it, they recommend waiting for the release of a new, more stable model, or taking more care of their physical wallet.