Home Major flaw detected in Keepkey hardware wallet
Crypto News

Major flaw detected in Keepkey hardware wallet

FX Street
Updated:
  • A recent Kraken’s blog post discussed a severe flaw present in all of the Keepkey hardware wallets. Kraken’s security research wing stated that it discovered a way to hack seeds from Keepkey wallets.
  • A seed phrase is a string of random words that enables owners to recover their cryptocurrency wallets. Anyone with access to seeds can gain access to crypto funds that are stored on a wallet.

The US exchange found that Keepkey devices have an issue related to their microcontrollers. Kraken claimed that people with access to victims’ crypto wallets were able to use specialized hardware to read their encrypted seeds. For this, the hacker would also need to figure out wallets’ pin code through brute force. The configured issue now lies in all the Keepkey wallets that are in circulation.  

Kraken said:

This, unfortunately, means that it is difficult for the KeepKey team to do anything about this vulnerability without a hardware redesign.

Keepkey dismissed Kraken’s findings based on its lack of relevance. In June, the trading platform said that Keepkey can protect users’ funds from malware, viruses or attack vectors or remote hackers trying to steal private keys. However, the company is as helpless as any other wallet firm when it comes to protecting clients’ devices from physical attacks.  

ShapeShift, which supports Keepkey as its premier wallet on its crypto-to-crypto exchange, wrote:

If somebody else has physical access to your device “” as well as the time, skill, and tools necessary “” they will always be able to command the device to do whatever they want, bypassing any digital lock that exists. Again, this is true of any hardware wallet.

Charles Guillemet, the chief security officer at Ledger, claimed that hackers could guess Keepkey’s wallets’ passphrase in a few seconds by trying different combinations. Kraken repeated the same evidence in its blog post, leading ShapeShift to publish an eleven-step manual to fix the issue.  

Guillemet recommends using passphrases comprised of at least 32 digits made up of a unique combination of numbers, symbols, as well as upper and lower-case letters”¦With a sufficiently-long passphrase, if an attacker takes the data off your device, they’ll never be able to unlock it. Your PIN and your passphrase keep your funds “” safe.

 

FX Street

FX Street

FXStreet is the leading independent portal dedicated to the Foreign Exchange (Forex) market. It was launched in 2000 and the portal has always been proud of their unyielding commitment to provide objective and unbiased information, to enable their users to take better and more confident decisions.

WARNING: The content on this site should not be considered investment advice and we are not authorised to provide investment advice. Nothing on this website is an endorsement or recommendation of a particular trading strategy or investment decision.  The information on this website is general in nature, so you must consider the information in light of your objectives, financial situation and needs. Investing is speculative. When investing your capital is at risk. This site is not intended for use in jurisdictions in which the trading or investments described are prohibited and should only be used by such persons and in such ways as are legally permitted. Your investment may not qualify for investor protection in your country or state of residence, so please conduct your own due diligence or obtain advice where necessary. Crypto promotions on this site do not comply with the UK Financial Promotions Regime and is not intended for UK consumers. This website is free for you to use but we may receive a commission from the companies we feature on this site.

© forexcrunch.com All Rights Reserved 2017 – 2024