A recent study by Kraken Security Labs revealed a major security flaw in the Trezor hardware wallet. According to the report, they managed to extract the cryptographic seeds out of the Trezor One and the Trezor Model T wallets.
Easy to Access
According to the report by Kraken, if someone has physical access to your wallet and enough knowledge, they could break into a wallet in 15 minutes using a specialized tool that costs just $75. The study also revealed there was nothing that Trezor could do about the security flaw. To patch this issue, they would need to overhaul the entire wallet.
It was revealed that the flaw is contained in a pair of micro-controllers that the Trezor wallets use to store the cryptographic seeds. With basic voltage glitching, the experts at Kraken were able to corrupt these micro-controllers and extract their content. They could then compromise the wallet using a brute force attack in just two minutes.
As a result, the Kraken researchers concluded that the two controllers should not be used to store sensitive details. Kraken claims that Trezor has known about this security flaw for a long time. The flaw was first revealed by Ledger in July 2019. Their study concluded that this flaw existed in all the KeepKey and Trezor wallets.
Trezor Dismisses the Issue
According to Trezor, the flaw is not important since none of these attacks can be executed remotely. The only way to carry out such an attack is to have physical access the device. Even then, one would need specialized equipment, time, and expertise to carry out the attack. Essentially, that means a hacker would need 25 minutes of their time, access to a tool that costs $75 and reading the step-by-step guide published online by Kraken.
T stay safe, users of KeepKey and Trezor should ensure that their wallet is stored securely. If they hold a significant amount of crypto in their wallet, it might be a good idea to store it in a bank deposit box. Besides that, users need to enable the BIP39 passphrase that is enabled using the Trezor Client. This ensures that even when a hacker accesses the hardware wallet, their crypto will remain safe.