1. Home
    2. /Bitcoin Holders Beware! Kraken Security Finds A Way to Break Into Trezor Wallets

    Bitcoin Holders Beware! Kraken Security Finds A Way to Break Into Trezor Wallets

    The security unit of the leading San Francisco-based cryptocurrency exchange, Kraken said on Friday it has identified a critical vulnerability in two hardware wallets from Trezor – the Trezor One and Trezor Model T.  According to the announcement, Kraken Security Labs devised a strategy which enabled them to extract seeds from both wallets within 15 ... Read more

    Updated Apr 24, 2024
    Ibiam Wayas

    Author by

    Ibiam Wayas

    Bitcoin Holders Beware! Kraken Security Finds A Way to Break Into Trezor Wallets

    The security unit of the leading San Francisco-based cryptocurrency exchange, Kraken said on Friday it has identified a critical vulnerability in two hardware wallets from Trezor – the Trezor One and Trezor Model T. 

    According to the announcement, Kraken Security Labs devised a strategy which enabled them to extract seeds from both wallets within 15 minutes of physical access to the device.

    While explaining the process, the exchange’s security unit said they were able to extract the encrypted seed using the attack, which it says, relies on voltage glitching. Through this, they cracked the encrypted seed.

    Although a 1-9 digit PIN normally secures the encrypted seed, it was trivial to brute force, according to Kraken Security Labs. Also, the attack took advantage of inherent flaws in the microcontroller used in both wallets, thereby making it difficult for the Trezor team to resolve unless it redesigns the hardware.

    This initial research required some know-how and several hundred dollars of equipment, but we estimate that we (or criminals) could mass-produce a consumer-friendly glitching device that could be sold for about $75.

    Although this is the first “detailed steps for a current attack against these devices,” the report today by the exchange is probably not for wrongdoings, however, to protect and shade users from future hacks which could result in loss of lifetime earnings.

    Here’s How to Stay Safe

    Until the Trezor team is able to redesign the hardware, Kraken urged users not to allow anyone physical access to their Trezor wallet, as they could end up losing their funds.

    Also, Trezor wallet users are advised to enable a BIP39 passphrase, although it can be clunky to use. However, it can prevent such an attack, given that it is not stored on the device. 

    Trezor has responded to the development, stating that users are immune to the attack if they can enable a passphrase feature on the wallets. 

    Ibiam Wayas

    Ibiam Wayas

    Editor

    Ibiam Wayas is an optimistic crypto news reporter who also enjoys graphics designing and tech writing. He is an introvert and loves to associate with like minds working on similar goal and ambitions. Ibiam spends much of his time on the internet studying facts that will help him excel in the digital economy.