March 29, 2023

Kraken experts managed to extract a seed phrase from Trezor Bitcoin wallet in 15 minutes

Kraken Security Labs said they found a critical vulnerability in Trezor hardware wallets, opening up the ability to extract seed phrases within 15 minutes.

According to Kraken representatives, forTo carry out an attack, an attacker needs physical access to a Trezor One or Trezor Model T device and an inexpensive device that can cause a microcontroller to fail due to a voltage drop. The cost of such a device is approximately $ 75, experts say.

Kraken Security Director Nick Percoco emphasized that Trezor is aware of this vulnerability.

“The disadvantage lies in the hardware. You can’t just release an official update that would fix the problem for all users- Percoco said in a conversation with The Block. - To solve this problem, they essentially need to release a new device. ”

Shortly after the release of a Kraken blog post, Trezor reported that the attack could not be carried out remotely and was completely ruled out by enabling Passphrase.

“According to our research, physical access poses risks for 6-9% of users, - emphasized the developers of Trezor. - Attacks involving physical access are not widespread. ”

Recall, earlier, Kraken experts talked about a similar vulnerability in KeepKey hardware wallets. According to experts, these devices use the same chip family as Trezor.

Kraken is sure that those used in theseChips in their wallets were not originally designed to store sensitive information and, therefore, should not be the only means of protecting crypto assets. Specialists recommended users to set code phrases in order to protect themselves from unauthorized access as much as possible.