Cybersecurity startup Unciphered posted a video on YouTube demonstrating the successful hacking of the popular Trezor T crypto wallet from Satoshi Labs.
The company’s experts developed an “internal exploit” that allowed them to extract the wallet’s firmware and, using specialized GPUs, cracked the device’s seed phrase.
“We have about 10 GPUs and after a while we pulled the keys,” Unciphered co-founder Eric Michaud said in the video.
The company noted that the hardware security mechanisms of the Trezor T model can theoretically be bypassed if a hacker has physical access to the wallet. According to Michaud, in order to fix this exploit in the Trezor T, it will be necessary to recall all released devices.
Previously, Unciphered demonstrated a similar wallet hack made by the Hong Kong company OneKey.
Trezor said that the vulnerability found by experts, obviously, is Read Protection Downgrade (RDP) attack. It allows, by influencing the STM32 chip, to obtain a seed phrase for recovery, and then decrypt its PIN code using the method brute force.
This vulnerability was discovered back in October 2019 by Kraken Security Labs researchers. She affected the Trezor T and Trezor One models.
Trezor CTO Tomasz Sushanka noted that such attacks require the physical theft of the device, extremely deep technological knowledge and modern equipment.
“Even with the above, Trezor can be secured with a strong passphrase, which adds another layer of security that makes downgrading RDP useless,” he added.
To solve this problem, Trezor, together with a subsidiary of Tropic Square, developed secure microchip for hardware wallets. The item is currently being tested.
Cryplogger previously reported that attackers stole $30,000 in bitcoin through a fake hardware wallet.
Found a mistake in the text? Select it and press CTRL+ENTER
Cryplogger Newsletters: Keep your finger on the pulse of the bitcoin industry!
Cybersecurity startup Unciphered posted a video on YouTube demonstrating the successful hacking of the popular Trezor T crypto wallet from Satoshi Labs.
The company’s experts developed an “internal exploit” that allowed them to extract the wallet’s firmware and, using specialized GPUs, cracked the device’s seed phrase.
“We have about 10 GPUs and after a while we pulled the keys,” Unciphered co-founder Eric Michaud said in the video.
The company noted that the hardware security mechanisms of the Trezor T model can theoretically be bypassed if a hacker has physical access to the wallet. According to Michaud, in order to fix this exploit in the Trezor T, it will be necessary to recall all released devices.
Previously, Unciphered demonstrated a similar wallet hack made by the Hong Kong company OneKey.
Trezor said that the vulnerability found by experts, obviously, is Read Protection Downgrade (RDP) attack. It allows, by influencing the STM32 chip, to obtain a seed phrase for recovery, and then decrypt its PIN code using the method brute force.
This vulnerability was discovered back in October 2019 by Kraken Security Labs researchers. She affected the Trezor T and Trezor One models.
Trezor CTO Tomasz Sushanka noted that such attacks require the physical theft of the device, extremely deep technological knowledge and modern equipment.
“Even with the above, Trezor can be secured with a strong passphrase, which adds another layer of security that makes downgrading RDP useless,” he added.
To solve this problem, Trezor, together with a subsidiary of Tropic Square, developed secure microchip for hardware wallets. The item is currently being tested.
Cryplogger previously reported that attackers stole $30,000 in bitcoin through a fake hardware wallet.
Found a mistake in the text? Select it and press CTRL+ENTER
Cryplogger Newsletters: Keep your finger on the pulse of the bitcoin industry!
