Kraken Labs Crack Open Trezor Wallet In As Little As 15 Minutes

The Kraken Exchange, though relatively quiet in the mass media section, is still going, and going strong. One of its offshoots is the Kraken Labs, a firm dedicated to cybersecurity within the crypto industry. Quite recently, they’ve gone public with a popular hardware wallet’s exploit that can be cracked in 15 minutes if you know what you’re doing.

Hardware Fault In Model T And One

The exploit works with both the Trezor Model T and the Trezor One, and the vulnerability forces the wallet to expose its encrypted seed phrase stored on the device. With only a PIN protecting it, it can be brute-forced into revealing the seed phrase and make you capable of moving the funds inside the wallet with ease.

The hack itself gets explained in greater detail by way of Kraken Security Labs’ blog post. The hack itself exploits a very well known flaw within the Trezor wallet’s hardware. Due to where the vulnerability is based in, it makes it difficult to quickly address, unless Trezor completely redesigns and redistributes its wallets.

Hacked For As Little As $75

The blog post goes into detail about how the researchers used their specialist knowledge and equipment that was deemed “Several hundred dollars” worth to crack the device. What should be noted, though, should someone try to mass-produce the needed hardware, the overall cost of the equipment stands at about $75.

Trezor itself had to respond to the attack itself, as well and did so publically. The company officially acknowledged the risks that the attack poses it, dubbing it the Read Protection Downgrade Attack.

Crowd Control

As Trezor’s post explains, the attacker needs to gain access to the device itself, as well as create a specialized device capable of sending timed voltage glitches. Once this causes the system to malfunction, the attacker is capable of brute-forcing a 9-digit code that serves as a security measure.

Both Trezor and Kraken use this as grounds to encourage the usage of optional passphrases to protect a user’s holdings further. No matter how good a hacker is, if it’s locked behind a robust password and there’s no way around it, there’s nothing a hacker can do. Luckily, there’s no exploit to be made at the passphrase side of Trezor’s system, as well. However, until this matter is resolved, it should be considered the only security measure you have, should you own a Trezor wallet.

Top brokers for buying and trading cryptocurrencies

  • Platform
  • Features
  • Rating
  • Visit Site
  • Excellent choice for U.S. customers
  • Paypal accepted
  • CySEC & FCA regulated
  • Buy 12+ cryptocurrencies

eToro Reviews

    eToro Reviews your account
    Hide eToro Reviews
    • Best broker for non-US countries
    • Established stock-exchange listed company
    • Trade crypto CFDs, forex and stocks
    • No withdrawal or deposit fees and low spreads

    Plus500 Reviews

      Plus500 Reviews your account
      Hide Plus500 Reviews
      Remember, all trading carries risk. Views expressed are those of the writers only. Past performance is no guarantee of future results. The opinions expressed in this Site do not constitute investment advice and independent financial advice should be sought where appropriate. This website is free for you to use but we may receive commission from the companies we feature on this site.

      A journalist, with experience in web journalism and marketing. Ali holds a master's degree in finance and enjoys writing about cryptocurrencies and fintech. Ali’s work has been published on a number of cryptocurrency publications.

      Leave a Reply

      Your email address will not be published. Required fields are marked *