Bitcoin Developer Says Crypto Hardware Wallets Can Also Be Hacked at ‘Advancing Bitcoin’ Event
The number of crypto coins hacked in 2018 was worth billions in dollars. A good number of the hacks launched targeted digital currency exchanges, the resulting loss was close to $ 1 billion. This has spiked a series of arguments with one team advocating for the use of digital wallets as opposed to entrusting centralized exchanges with crypto funds. However, going by the view of one experienced developer in this field, a shift to personal crypto management is not a guarantee from hacking!
Today, most crypto HODLers opt for digital and hardware wallets to store their funds. The hardware wallets have been considered as the most secure with leading players such as Trezor, Casa and Ledger. Stepan Snigirev, a BTC developer, is of the opinion even these types of crypto wallets are prone to hackers.
Snigirev is conversant with the crypto hardware wallets having to be an owner and developer of the same. His initial project involved integrating SD card and Arduino card with added features of multisig and QR code compatibility. The Bitcoin developer was once in the field of quantum computing and gave assuring sentiments that it would take at least two decades for these machines to crack crypto.
However, digital asset holders need to be aware of several vulnerabilities their coins are exposed to even when stored in hardware wallets.
One of the popular approaches according to Snigirev is ‘supply-chain hack. Basically, the hardware wallets are compromised while still under the development phase. This may paint a picture of accessing factories while at it but it can be achieved in more simple ways.
Hackers have taken their game a notch higher by hiring resources to create duplicate hardware wallets. Snigirev explained that they later sell these counterfeits to unsuspecting buyers to siphon their crypto funds. The devices are built to leak private keys instead of maintaining privacy, it is then that the hackers are able to decode and access the digital assets. Cryptocurrency holders can only be safe from this type of tech risk by purchasing wallets from official channels/vendors.
Another way one could lose their funds is by misplacing the hardware wallet. Snigirev says that hackers that come across the device can compromise its security through ‘voltage glitching’. This involves the use of electricity to breach the ecosystem by causing bugs. In some cases, hackers only use a jolt of electricity to acquire private information exposing the wallet holder to financial risk.
Assuming voltage glitching does not deliver, a hacker can decide to use ‘decapping’ instead. It would require them to dissect the hardware wallet physically an acquire some parts of the wallet’s interior. This is followed by gradual drops of nitric acid poured on the computer chips to attain a temperature of 212 Fahrenheit. The chip under this condition will spill information while hackers are trying to reset the password through a UV or laser pinpoint to its memory part. Clearly, the above techniques are demanding in terms of resources hence not attainable by small-time hackers.
The good part about this challenge is already built technologies that can avert hacking attempts with great efficiency. A number of hardware wallets have been built with hard to compromise coding languages. Trezor’s product falls in this range, the wallet is coded in micropython, a language that prides in robustness today. The only disadvantage with Trezor’s infrastructure is having a closed source making very expensive due to the shell out of license fees by manufacturers.
Snigirev, however, pointed out that a language known as Embedded Rust is currently a work in progress for the open source community. The language is said to have features that make it hard to crack. Other forms of reacting to hackers have been the addition of random schedules or noises to make the ecosystem hostile to hacking attempts. Despite this, Snigirev’s comments can be summarized to mean that any system is vulnerable to hacking.