Cold storage hardware wallets are considered to be the most secure way to hold Bitcoin and other cryptocurrencies. The main reason for that is because the private key is never exposed to the internet, unlike hot wallets.
Trezor is believed to be the most popular hardware wallet, together with Ledger. During last October of 2019, Kraken Security Labs had announced that they had found a critical weakness in a few of Trezor’s cryptocurrency hardware wallet devices, namely the Trezor One and Trezor Model T.
Today, they’ve released the details of this vulnerability, as well as how they managed to succeed in performing the attack.
“We responsibly disclosed the full details of this attack to the Trezor team on October 30, 2019. We are going public with this vulnerability disclosure now so that the crypto community can protect themselves before a fix is released by the Trezor team.” according to Kraken’s release.
While this isn’t the first that we’ve heard about a physical vulnerability on Trezor’s hard-wallet devices, this news leaves many wondering just how safe cryptocurrency hard-wallets genuinely are.
Kraken Identifies Major Trezor Vulnerability
Previously, Kraken has performed similar testing on KeepKey hard-wallets and other related devices, which all use the same family of computer chips.
However, according to Kraken, “These chips are not designed to store secrets, and our research emphasizes that vendors like Trezor and KeepKey should not solely rely on them to secure your cryptocurrency. “
In the release, Kraken announced, quite shockingly, that the attack takes advantage of an inherent flaw in the device’s micro-processing unit and.only takes a quick 15 minutes to perform from start to finish.
So in other words, Kraken has identified a physical vulnerability on these devices, making it virtually impossible for Trezor to address the problem without a complete re-design of their wallet devices.
Trezor’s Response To The Attack
As you would expect, Trezor has proven to be thankful for Kraken’s research into this vulnerability. In fact, they’ve been working hand-in-hand with Kraken ever since the vulnerability was first identified in October of 2019, and have also released a full report on the details of the vulnerability.
While most cryptocurrency holders are significantly more concerned about remote attacks, physical attacks are just as troublesome. According to Trezor, they believe that physical attacks should be treated with the same level of concern and urgency as remote attacks.
How To Prevent An Attack
To perform this type of attack, a hacker would need to gain access to your device and physically open it up to access its computer chip. Therefore, there are only two ways to prevent this type of attack.
The first and most obvious precaution is to ensure that your device is stored in a safe location. Depending on the value of the cryptocurrencies that you hold on your device, you might even want to consider storing it in a safe or under lock and key.
The second way to prevent this type of physical attack is to use Trezor’s passphrase feature. Although this feature isn’t very practical, since your passphrase will need to be rather long and cumbersome to remember, it is the only known way to ensure 100% protection from a physical attack on your crypto holdings.
Is My Cryptocurrency Safe?
While the news might be a bit disconcerting for cryptocurrency holders, rest assured that there’s no reason to panic, even if you’re using one of Trezor’s devices to store your cryptocurrency.
In the end, the important thing is to know is that companies like Kraken are on your side and that they’re working vigilantly to improve the safety of the entire crypto-community at large.
After all, as Pavol Rusnak, the CTO of Trezor’s manufacturer SatoshiLabs, said, “We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.”
The post Reason To Worry? Trezor Wallets Can Be Physically Hacked In Less Than 15 Minutes appeared first on CryptoPotato.