Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered by industry leader Trezor, the Trezor One and Trezor Model T.
The attack requires just 15 minutes of physical access to the device. This is the first time that the detailed steps for a current attack against these devices have been disclosed.
Here’s how we did it:

This attack relies on voltage glitching to extract an encrypted seed. This initial research required some know-how and several hundred dollars of equipment, but we estimate that we (or criminals) could mass produce a consumer-friendly glitching device that could be sold for about $75. We then crack the encrypted seed, which is protected by a 1-9 digit PIN that is trivial to brute force.
The attack takes advantage of inherent flaws within the microcontroller used in the Trezor wallets. This unfortunately means that it is difficult for the Trezor team to do anything about this vulnerability without a hardware redesign.
Until then, here is what you can do to protect yourself:

Do not allow anyone physical access to your Trezor wallet. You could permanently lose your crypto.

Enable your BIP39 passphrase with the Trezor client. This passphrase is a bit clunky to use in practice but is not stored on the device and therefore is a protection that prevents this attack.
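Why the passphrase helps, as an added example (not code from Kraken or Trezor): under the standard BIP39 derivation the passphrase is part of the PBKDF2 salt, so the mnemonic held on the device is not enough on its own to reach the passphrase-protected wallet. The function names and the sample passphrase are hypothetical, and the mnemonic is the public BIP39 test vector.

```python
import hashlib
import unicodedata

# Constructed sample: the public BIP39 test mnemonic, never a real wallet.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Standard BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    The salt is the literal string 'mnemonic' followed by the passphrase,
    so the passphrase never has to be stored alongside the mnemonic.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def pin_keyspace(min_digits: int = 1, max_digits: int = 9) -> int:
    """Number of possible PINs of min_digits..max_digits decimal digits."""
    return sum(10 ** n for n in range(min_digits, max_digits + 1))


def compare_wallets(mnemonic: str, passphrase: str) -> dict:
    """Contrast the seed reachable from device contents with the hidden one."""
    device_only = bip39_seed(mnemonic)            # mnemonic with empty passphrase
    with_secret = bip39_seed(mnemonic, passphrase)  # needs the off-device secret
    return {
        "pin_candidates": pin_keyspace(),
        "device_only_seed": device_only.hex(),
        "passphrase_seed": with_secret.hex(),
        "same_wallet": device_only == with_secret,
    }


if __name__ == "__main__":
    # "TREZOR" is the passphrase used by the public BIP39 test vectors.
    report = compare_wallets(SAMPLE_MNEMONIC, "TREZOR")
    print("PIN candidates (1-9 digits):", report["pin_candidates"])
    print("seed without passphrase:", report["device_only_seed"][:16], "...")
    print("seed with passphrase:   ", report["passphrase_seed"][:16], "...")
    print("same wallet:", report["same_wallet"])
```

The protection is only as strong as the passphrase itself, since that is the one secret left that is not stored on the device.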
This attack is very similar to our previous research against the KeepKey wallet, which is expected because the KeepKey is a derivative and all devices rely on the same family of chips. Trezor has known about these flaws since designing the wallets.
Other teams, like Ledger Donjon, have also performed variants of this attack, though the full details have not been made public until now.
These chips are not designed to store secrets and our research emphasizes that vendors like Trezor and KeepKey should not solely rely on them to secure your cryptocurrency.
We are fortunate ...