Trezor Hardware Fixes the ‘Critical Flaw' Found by Kraken Security Labs

  • Kraken Security Labs had been able to extract seeds from both Trezor One and Trezor Model T
  • Kraken discloses the vulnerability to Trezor in Oct. 2019 and as the hardware wallet team had found the fix, Kraken made the flaw public

In shocking news, cryptocurrency exchange Kraken’s Security Labs announced that they were able to find a “critical flaw” in Trezor hardware wallets.

Kraken Security Labs announced on Friday that they have devised a way to extract seeds from both crypto hardware wallets of Trezor One and Trezor Model T.

The attack relies on voltage glitching to extract an encrypted seed that required several hundred dollars of equipment but could be mass-produced at $75. This encrypted seed which is protected by a 1-9 digit PIN, was then cracked which is “trivia to brute force.”

The team reveals that the attack took advantage of inherent flaws within the microcontroller used in Trezor wallets, meaning it is difficult for the Trezor team to do anything about this vulnerability at least without a hardware redesign.

Fix released by the Trezor team

A couple of weeks back, Kraken co-founder and CEO Jesse Powell advised that people shouldn’t store their coins on any cryptocurrency exchange even on Kraken, rather they should use Ledger or Trezor.

And now the Kraken Security Labs has found a vulnerability that means even hardware wallets aren’t safe either.

But there is a solution. Do not allow anyone physical access to your Trezor wallet or you could permanently lose your crypto.

Well, Trezor has found the fix and released it because as Kraken states, they “disclosed the full details of this attack to the Trezor team on October 30, 2019.” It continued,

“We are going public with this vulnerability disclosure now so that the crypto community can protect themselves before a fix is released by the Trezor team.”

Do hardware wallets remain the best option?

The user must enable the BIP39 Passphrase with the Trezor Client because it is not stored on the device, this can prevent the attack.

Passphrase feature is an “exceptionally” secure layer of active protection against physical attacks, said Trezor in its response to the attack.

It is not stored anywhere on the device and is used only temporarily whenever you enter it. The passphrase is case sensitive and it belongs with recovery seed.

However, Crypto Twitter was aghast to hear the news but Trezor tried to calm everyone and clarified,

“Trezor is an open-source hardware wallet: we indeed don't use a secure element to let anyone verify our code, but that is also why the Passphrase feature exists – to fully mitigate the physical attacks, which are a case for 6-9% of people according to our research.”

While assuage any concerns of having such vulnerability itself, Trezor competitor Ledger stated, “Not to worry: we're not affected by this as we use a Secure Element.”

Ledger also emphasized that despite this, “Hardware wallets remain the best option for keeping your crypto safe.”

Get Free Email Updates!

*Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

AnTy
AnTy
AnTy has been involved in the crypto space full-time for over two years now. Before her blockchain beginnings, she worked with the NGO, Doctor Without Borders as a fundraiser and since then exploring, reading, and creating for different industry segments.

[Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer

LEAVE A REPLY

Please enter your comment!
Please enter your name here

3,437FansLike
2,795FollowersFollow
4,190FollowersFollow

Live Bitcoin Price & Latest BTC Charts

Today's Latest Crypto News

Crypto Crimes Soaring to $1.4 Billion in 2020; COVID-19 Related Frauds also Emerging

During the first five months of 2020, losses from cryptocurrency hacks, thefts, and frauds spiked to about $1.4 billion, as per the report from...

Crypto Ratings Council May Rate Tron (TRX), Polkadot (DOT), and Nervos (CKB) Token As Securities: Unofficial Report

Quick look: The Crypto Rating Council (CRC) preliminary reports show three altcoins – Tron (TRX), Polkadot (DOT), and Nervos Network (CKB) are highly likely...

Coinbase Drops APY for USDC Stablecoin from 1.25% to 0.15% Starting Today

Coinbase has said that it will reduce the annual rewards on holding USDC stablecoins by 88% in a recent email announcement. The firm noted...

The 5th Largest Mining Pool Sold $23 Million Bitcoin at $10k Before the Dump

On June 1st, the price of bitcoin soared to $10,430 and remained above $10k until the dump yesterday took it down to $9,150 on...

ConsenSys Backed Blockchain Media Startup, Civil, Shuts Down; ‘Failed to Sustain Ourselves'

Civil, the blockchain-based media startup, is shutting down according to blog post announcement by the company's CEO, Mathew Iles. The team will be joining...

BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.

Start Using Crypto Today