InsideBitcoins.com

Kraken Labs Crack Open Trezor Wallet In As Little As 15 Minutes

The Kraken Exchange, though relatively quiet in the mass media section, is still going, and going strong. One of its offshoots is the Kraken Labs, a firm dedicated to cybersecurity within the crypto industry. Quite recently, they’ve gone public with a popular hardware wallet’s exploit that can be cracked in 15 minutes if you know what you’re doing.

Hardware Fault In Model T And One

The exploit works with both the Trezor Model T and the Trezor One, and the vulnerability forces the wallet to expose its encrypted seed phrase stored on the device. With only a PIN protecting it, it can be brute-forced into revealing the seed phrase and make you capable of moving the funds inside the wallet with ease.

The hack itself gets explained in greater detail by way of Kraken Security Labs’ blog post. The hack itself exploits a very well known flaw within the Trezor wallet’s hardware. Due to where the vulnerability is based in, it makes it difficult to quickly address, unless Trezor completely redesigns and redistributes its wallets.

Hacked For As Little As $75

The blog post goes into detail about how the researchers used their specialist knowledge and equipment that was deemed “Several hundred dollars” worth to crack the device. What should be noted, though, should someone try to mass-produce the needed hardware, the overall cost of the equipment stands at about $75.

Trezor itself had to respond to the attack itself, as well and did so publically. The company officially acknowledged the risks that the attack poses it, dubbing it the Read Protection Downgrade Attack.

Crowd Control

As Trezor’s post explains, the attacker needs to gain access to the device itself, as well as create a specialized device capable of sending timed voltage glitches. Once this causes the system to malfunction, the attacker is capable of brute-forcing a 9-digit code that serves as a security measure.

Both Trezor and Kraken use this as grounds to encourage the usage of optional passphrases to protect a user’s holdings further. No matter how good a hacker is, if it’s locked behind a robust password and there’s no way around it, there’s nothing a hacker can do. Luckily, there’s no exploit to be made at the passphrase side of Trezor’s system, as well. However, until this matter is resolved, it should be considered the only security measure you have, should you own a Trezor wallet.

Top brokers for buying and trading cryptocurrencies

  • Platform
  • Features
  • Rating
  • Visit Site
  • US-Friendly
  • Paypal accepted
  • 12+ cryptocurrencies
4.5/5

Visit Site
75% of retail investors lose money.
eToro Reviews

    eToro Reviews

    https://insidebitcoins.com/visit/etoro-newsCreate your account
    Hide eToro Reviews
    • Best broker for non-US countries
    • Trade crypto CFDs, forex and stocks
    • No withdrawal or deposit fees
    4.5/5

    Visit Site
    80.5% of retail investors lose money.
    Plus500 Reviews

      Plus500 Reviews

      https://insidebitcoins.com/visit/plus500-newsCreate your account
      Hide Plus500 Reviews
      Remember, all trading carries risk. Past performance is no guarantee of future results.
      Avatar

      A journalist, with experience in web journalism and marketing. Ali holds a master's degree in finance and enjoys writing about cryptocurrencies and fintech. Ali’s work has been published on a number of cryptocurrency publications.