US-based cyber security firm Unciphered claims to have successfully hacked the Trezor T hardware crypto wallet by exploiting a hardware vulnerability.
The breach of the popular hardware wallet was made possible by physically isolating the device using highly specialized equipment.
Breaching a hardware wallet, in other words, would only work if the attacker had physical possession, as well as access to advanced tools and knowledge.
Unciphered, which specializes in recovering locked crypto in cases where, for example, passphrases have been lost or forgotten, said they used an “in-house exploit” method that allowed them to extract the wallet’s firmware.
This eventually enabled them to crack the required PIN code and seed phrase, thus gaining access to funds stored on the device, the firm claimed.
The Trezor T is one of the most popular crypto hardware wallets on the market today, and is created by Satoshi Labs, a Czech Republic-based company.
The full process of extracting the seed phrase from the Trezor was published on YouTube by Unciphered.
As soon as news of the hack broke, members of the crypto community on Twitter were quick to point out that a similar hack was carried out in 2019 by experts at the hardware wallet maker Ledger.
Among those who pointed this out was Rodolfo Novak (also known as NVK), a veteran of the bitcoin community and CEO of the bitcoin hardware wallet manufacturer Coinkite.
According to Unciphered, however, the old vulnerability has already been addressed by Trezor, and no one else has yet hacked the updated version of the hardware wallet with its new firmware.
Meanwhile, others on Twitter took the opportunity to question the advisability of some people moving funds from Ledger hardware wallets to Trezor last week over concerns related to Ledger’s new – and alternative – “Recovery” program.
“[…] if you have [a Trezor] you can keep it, just make sure you have a strong passphrase and keep it up to date,” said popular crypto influencer Udi Wertheimer.
Addressing news of the hack, Tomas Susanka, Trezor’s chief technology officer, said in a media statement that the attack “appears to be a vulnerability known as an RDP downgrade attack […].”
He said it was published on the company’s blog in early 2020, and noted that these types of attacks require “physical theft of the device and extremely sophisticated technical knowledge and advanced equipment.”