
Researchers Extract Seed Phrase From Trezor Cryptocurrency Hardware Wallets in Minutes

Updated by Max Moeller
Researchers have gone public with another security flaw in a hardware wallet. This time, Kraken Labs exposed an attack against the popular cryptocurrency cold storage systems offered by Trezor.
The attack takes around 15 minutes to complete. Both the Trezor One and the Trezor Model T wallets are known to be affected. The vulnerability essentially exposes the encrypted seed phrase stored on the compromised device to the attacker. They can then brute force the PIN used to protect the encrypted secret and move funds associated with it.

As detailed in a blog post by Kraken Security Labs, the attack exploits known flaws in the device’s hardware. This makes the vulnerability difficult to adequately address without a full hardware redesign, according to the post. The post details that the researchers relied on specialist knowledge and “several hundred dollars of equipment” to break into the devices. However, they note that the devices used could be mass-produced for around $75.

Trezor itself has also responded publicly to the attack. The company acknowledges the risk posed by what it terms the Read Protection Downgrade Attack. According to Trezor’s post, attackers need access to the device, as well as a specialized device to send timed voltage glitches through it. Once cracked, the attacker can brute force the one- to nine-digit PIN. The whole process can take as little as 15 minutes.

Trezor and Kraken reiterate the importance of using the optional passphrase feature to protect holdings further. Attackers cannot compromise those Trezor wallets protected by a strong passphrase using the method detailed here.

Kraken Security Labs reportedly disclosed the flaw to Trezor in October 2019. It has since worked with the hardware wallet company to disclose the vulnerability in the interests of cryptocurrency users. Pavol Rusnak, CTO of Trezor manufacturer SatoshiLabs, commented on the attack:
“We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.”
In the post by Trezor itself, the hardware wallet company speculates that the vulnerability is related to one exposed by researchers at rival firm Ledger last year. BeInCrypto reported on the flaw at the time. However, Trezor says it is unable to confirm if the two attacks are definitely related since the Ledger researchers have not disclosed full details of their own efforts.
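The passphrase mitigation described above can be illustrated with a short sketch. This is an added example, not code from Trezor, Kraken Security Labs or the article; it assumes the standard BIP-39 seed derivation, in which the passphrase is mixed into the salt and is never stored on the device, and it uses a constructed test mnemonic and hypothetical helper names.

```python
import hashlib
import math
import unicodedata

# Constructed sample input: the public all-"abandon" BIP-39 test mnemonic, not a real wallet.
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def _nfkd(text: str) -> bytes:
    """BIP-39 requires NFKD normalization before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds)."""
    salt = _nfkd("mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)


def pin_keyspace(min_digits: int = 1, max_digits: int = 9) -> int:
    """Number of candidate PINs in the one- to nine-digit range the article cites."""
    return sum(10 ** n for n in range(min_digits, max_digits + 1))


def passphrase_keyspace(alphabet_size: int, length: int) -> int:
    """Candidates for a random passphrase of `length` symbols from `alphabet_size` choices."""
    return alphabet_size ** length


def bits(keyspace: int) -> float:
    """Keyspace expressed as bits of search effort."""
    return math.log2(keyspace)


if __name__ == "__main__":
    # What is recoverable from the device alone: the mnemonic, i.e. the empty-passphrase wallet.
    on_device = bip39_seed(MNEMONIC)
    # The wallet actually holding funds when a passphrase is in use (constructed passphrase).
    protected = bip39_seed(MNEMONIC, "constructed example passphrase")
    print("same wallet without the passphrase?", on_device == protected)
    print(f"PIN search space:        {bits(pin_keyspace()):.1f} bits")
    # Assumption for illustration: six random words from a 7776-word list.
    print(f"passphrase search space: {bits(passphrase_keyspace(7776, 6)):.1f} bits")
```

The PIN range tops out near 30 bits, while the passphrase adds a separate search that the extracted flash contents do not help with.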

A former professional gambler, Rick first found Bitcoin in 2013 whilst researching alternative payment methods to use at online casinos. After transitioning to writing full-time in 2016, he put a growing passion for Bitcoin to work for him. He has since written for a number of digital asset publications.