Home 15 minutes. That’s how long it took Kraken to hack Trezor’s wallets
Crypto News

15 minutes. That’s how long it took Kraken to hack Trezor’s wallets

FX Street
Updated:
  • Kraken disclosed hardware flaws in both the flagship products of Trezor – Trezor One and Trezor Model T.
  • Though it took less time, the hack wasn’t “easy” as it needed about 15 minutes of “physical access” to the device and a few specialized equipments.

Crypto exchange Kraken’s cybersecurity division has disclosed a hardware flaw in both the flagship products of Trezor – Trezor One and Trezor Model T. In a blog post, the exchange said that it took them just 15 minutes to hack both the wallets. They did admit that the process wasn’t “easy” because the described method needed about 15 minutes of “physical access” to the device and a few specialized equipments.

The exchange said that it used voltage glitching to extract the encrypted seed from all the devices. The blog post noted that after extracting the seed, it brute-forced the encryption, which was trivially easy to do. The attack took advantage of “inherent flaws within the microcontroller used in the Trezor wallets.” According to Kraken, Trezor’s team will have a tough time resolving this issue “without a hardware redesign.” 

The exchange spent hundreds of dollars on equipment to carry out the hack but figured such a device could be sold for $75 if mass-produced. Kraken has contacted Trezor about this vulnerability. Pavol Rusnak, CTO of Trezor developer SatoshiLabs, reportedly said:

We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.

Kraken Security Labs claims to “try to discover attacks against the crypto community before the bad guys do” and having “responsibly disclosed the full details of this attack to the Trezor team on October 30, 2019.” The reason to go public with this issue is cited as “so that the crypto community can protect themselves before a fix is released by the Trezor team.”

Trezor responded to this, stating that device holders must use strong passphrases to keep their devices secure. In a blog post, Trezor said:

Over the six years of existence of SatoshiLabs, we have dedicated a majority of our resources into mitigating remote attacks, and we have designed devices that are fully resistant to all online threats. We always knew that all hardware is hackable and the question about physical attacks is not if they will happen, but when they will happen.

 

FX Street

FX Street

FXStreet is the leading independent portal dedicated to the Foreign Exchange (Forex) market. It was launched in 2000 and the portal has always been proud of their unyielding commitment to provide objective and unbiased information, to enable their users to take better and more confident decisions.

WARNING: The content on this site should not be considered investment advice and we are not authorised to provide investment advice. Nothing on this website is an endorsement or recommendation of a particular trading strategy or investment decision.  The information on this website is general in nature, so you must consider the information in light of your objectives, financial situation and needs. Investing is speculative. When investing your capital is at risk. This site is not intended for use in jurisdictions in which the trading or investments described are prohibited and should only be used by such persons and in such ways as are legally permitted. Your investment may not qualify for investor protection in your country or state of residence, so please conduct your own due diligence or obtain advice where necessary. Crypto promotions on this site do not comply with the UK Financial Promotions Regime and is not intended for UK consumers. This website is free for you to use but we may receive a commission from the companies we feature on this site.

© forexcrunch.com All Rights Reserved 2017 – 2024