
Cybersecurity firm has hacked a Trezor hardware wallet by using an exploit discovered three years ago

A Trezor hardware wallet can be hacked. A review by a bitcoin mixer: mixer.money

  1. Does a successful hack mean that the wallet’s reputation has taken a blow?
  2. The main competitor’s reliability is also questionable

Unciphered, a cryptocurrency rescue and recovery company, has posted a video where the company’s experts say they have hacked a Trezor hardware crypto wallet. They claim to have breached the security system of the popular Trezor T wallet.

Does a successful hack mean that the wallet’s reputation has taken a blow?

On May 24, Unciphered uploaded a video where its experts extract a wallet’s mnemonic seed phrase and private key. The experts took the wallet to pieces in order to extract the circuit board. Then they connected the device to their laboratory equipment and extracted the firmware.

Powerful graphics processing units were used to extract the firmware.

Eric Michaud, co-founder of Unciphered, commented: “We uploaded the firmware we extracted onto our high-performance computing cracking clusters. We have about 10 GPUs … and it took a little while but we extracted the PIN.”

According to him, Unciphered managed to hack the wallet by using an exploit that they developed in-house. The hackers also wrote “extremely hard” custom code.

Screenshot from Unciphered’s video of hacking a Trezor wallet – YouTube

He also added that the problem cannot be fixed by updating the firmware. “In order to fix this, Satoshi Labs would have to recall all of their products, which they’re likely not going to do,” he commented.

In response, Trezor commented that its experts had not received sufficient information about the hack. The company said that it seemed to be a Read Protection (RDP) downgrade attack, a problem which they disclosed at the beginning of 2020.

Trezor One and Trezor Model T hardware wallets. The image was taken from the company’s website

“The RDP Downgrade attack is a precise attack that targets the hardware vulnerability of STM32 microchips used in the Trezor One and Trezor Model T hardware wallets,” the company wrote in early 2020.

Moreover, such an attack can only be performed if the device itself is stolen, and it requires “extremely sophisticated technological knowledge and advanced equipment.”

The main competitor’s reliability is also questionable

The problem was revealed only a week after Trezor’s competitor, Ledger, became involved in another scandal. The company was criticized for launching a recovery service that gave it control over the storage of seed phrases. Ledger co-founder and former CEO, Éric Larchevêque, commented that the device was not trustless, while the current CEO, Pascal Gauthier, admitted the mistake and apologized for the security concerns.

It seems that there is not a single completely safe hardware wallet out there nowadays, no matter what their producers keep saying.

