Kraken Reveals Trezor Wallets Can Be Hacked To Extract Private Keys
Kraken Reveals Trezor Wallets Can Be Hacked To Extract Private Keys
February 1, 2020
Kraken Reveals Trezor Wallets Can Be Hacked To Extract Private Keys
Kraken Reveals Trezor Wallets Can Be Hacked To Extract Private Keys
February 1, 2020

Kraken Security Labs revealed that Trezor hardware wallets and their derivatives can be hacked to extract private keys. Though the procedure is quite involved, Kraken claims that it “requires just 15 minutes of physical access to the device.”

On January 31, it has been reported that the attack requires a physical intervention on the Trezor wallet by either extracting its chip and placing it on a special device or soldering a couple of critical connectors.

However, the Trezor chip must be connected to a “glitcher device” that would send signals at specific moments. These break the built-in protection that prevents the chip’s memory from being read by external devices. 

The trick allows the attacker to read critical wallet parameters, including the private key seed.

ALSO READ :  Coinbase Card Now Supports DAI Stablecoin

Though the seed is encrypted with a PIN-generated key, the researchers were able to brute force the combination in just two minutes. 

Likewise, the vulnerability is caused by the specific hardware used by Trezor, meaning that the company cannot easily fix it. It would need to completely redesign the wallet and recall all existing models.

Meanwhile, Kraken urged Trezor and KeepKey users to not allow anyone to physically access the wallet.

In a coordinated response published by Trezor, the team minimized the impact of the vulnerability. The company argued that the attack would show visible signs of tampering due to the need to open the device, while also noting that the attack requires extremely specialized hardware to perform.

However, the team finally suggested users activate the wallet’s passphrase feature to protect from such attacks. The password is never stored on the device as it is added to the seed to generate the private key on the fly.

ALSO READ :  David Marcus Says China Will Create A Digital Currency If US Rejects Libra

Kraken also noted that this is a viable alternative, though researchers referred to it as “a bit clunky to use in practice.”

Also, the feature adds significant responsibility to each user.

Thus, the passphrase needs to be complex enough to not be easily brute-forced as well and forgetting it would completely lock users out of their money.

Source: blog.kraken.com | cointelegraph.com


Disclaimer

Crypto News Point a news platform of Digital Notice Media Labs is primarily a regular publication of information, commentary and articles focused extensively on fintech, blockchain technology, cryptocurrency, blockchain-based tokens, cryptocurrency market trends, and trading strategies. We do not provide individually tailored investment advice and does not take a subscriber’s or anyone’s circumstances into consideration when discussing investments, nor is Crypto News Point registered as an investment adviser or broker-dealer in any jurisdiction. Information contained herein is not an offer or solicitation to buy, hold, or sell any digital assets.

Affiliate Disclosure: To help support the work we do here at CNP, we often link to products and deals from around the web. Should you buy some of these, we may get a portion of the sale.

We in generally gather content from the major websites. In every article there is always a clear link and attribution to the source publication. If you have any issue with any of our published content taken from your site, kindly let us know so that we can take appropriate action. In any case, the content of the pages of this website is for your general information and use only. It is subject to change without notice.

You May Also like

Ishita Bora

Ishita Bora is a Senior Content Creator at Digital Notice Media Labs with an experience of 1 year. She has completed her Master's Degree in Language and Linguistics in 2019 from Gauhati University, India. Her interest lies in blockchain technology and cryptocurrency space, as she loves writing about blockchain and other blockchain-related articles. Currently, she is working on blockchain-based news, reviews, featured articles, and guides.
Share This

Share This

Share this post with your friends!