Bitcoin hardware wallets are thought to be one of the most secure ways people can store their bitcoin and other cryptocurrencies—but they aren’t perfect.
The bitcoin price is fast climbing towards $10,000, hitting fresh year-to-date highs of $9,900 over the last 24-hour trading period, and bitcoin buyers are keen to keep their bitcoin as safe as possible.
However, Kraken Security Labs, part of the San Francisco-based Kraken bitcoin and cryptocurrency exchange, has warned the widely-used Trezor bitcoin hardware wallet has a “critical” flaw—with hackers able to extract the wallet’s private keys in just 15 minutes.
Trezor users have been warned the flaw is inherent to the wallet hardware and cannot be fixed but bitcoin and crypto holdings can be protected if a passphrase that’s not stored on the device is used.
“This passphrase is a bit clunky to use in practice but is not stored on the device and therefore is a protection that prevents this attack,” researchers at Kraken Security Labs wrote in a blog post revealing the flaw, adding, “Trezor has known about these flaws since designing the wallets.”
“This attack is very similar to our previous research against the KeepKey wallet, which is expected because the KeepKey is a derivative and all devices rely on the same family of chips.”
In response, the Trezor team played down the seriousness of the flaw, arguing users are able to keep their bitcoin and crypto assets secure.
“It’s important to note that this attack is viable only if the passphrase feature does not protect the device,” Trezor said. “A strong passphrase fully mitigates the possibilities of a successful attack.”
To carry out the hack, attackers would need to either extract the hardware wallet’s chip or attach connectors to the device.
A so-called glitcher device can then be used to break the built-in protection that prevents the chip’s memory from being read by external devices and allows the attacker to read the wallet’s private key seed.
The seed’s encryption can then be broken with brute force, with Kraken researchers managing it in just two minutes.
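Why a passphrase kept off the device blunts this extraction, shown as an added example that is not code from Kraken or Trezor. It assumes the passphrase is the standard BIP39 one, where the wallet seed is derived from the recovery words plus the passphrase; the function names and the sample mnemonic are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

PBKDF2_ROUNDS = 2048  # iteration count fixed by the BIP39 standard


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed from recovery words and an optional passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    # The passphrase only ever enters as part of the salt; it is not stored anywhere.
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, PBKDF2_ROUNDS, dklen=64)


def device_contents_suffice(mnemonic: str, passphrase: str) -> bool:
    """True if the words held on the device alone reproduce the seed that holds the funds."""
    from_device_only = bip39_seed(mnemonic)           # all that the chip's memory contains
    actual_wallet = bip39_seed(mnemonic, passphrase)  # what the owner's wallet really uses
    return hmac.compare_digest(from_device_only, actual_wallet)


# Constructed sample: the public BIP39 test mnemonic, never a real wallet.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    for label, phrase in [("no passphrase", ""), ("passphrase set", "constructed example phrase")]:
        exposed = device_contents_suffice(SAMPLE_MNEMONIC, phrase)
        print(f"{label}: device contents {'are' if exposed else 'are not'} enough to rebuild the wallet")
```

With no passphrase, the stored words are the whole secret; with one, the protection is only as strong as the passphrase itself, which is why Trezor's statement specifies a strong one.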
Hacks of bitcoin and cryptocurrency exchanges, where many bitcoin users store their crypto assets, have become commonplace in recent years, rising in tandem with the surging bitcoin price.
Last year, the world’s biggest bitcoin and cryptocurrency exchange Binance reported its largest ever hack, with some $40 million worth of bitcoin stolen.
Elsewhere, Seychelles-based bitcoin futures exchange BitMEX sparked panic among bitcoin traders and investors in November last year after accidentally exposing thousands of its users’ emails, with the exchange’s Twitter account then compromised shortly after.