In an article published a few hours ago, Kraken Security Labs described a security flaw affecting one of the cryptocurrency hardware wallets so far considered among the safest. The long post, published on its website, explains in detail how the recovery seed can be extracted from both Trezor models currently on the market.
The issue is decidedly serious, even though, fortunately, this type of attack requires taking the device from its owner, that is, physical access to the wallet. However, the attack takes about a quarter of an hour to complete, and this opens up a whole series of problems: in case of theft, an attacker can take possession of the contents of a Trezor wallet so quickly that the victim may not have time to obtain a second device on which to restore the contents of the stolen wallet.
Until now, it was believed that even if the device was stolen the wallet could not be accessed, so it was enough to restore your private keys on a new Trezor through the recovery seed and the problem was substantially solved. That said, there is no need to tear your hair out and panic if you own a Trezor wallet: this is the first vulnerability of this type to emerge, and it is also not something you can afford to ignore. As reported in the post on the Kraken website, the attack relies on voltage glitching to extract the recovery seed.
It is true that this procedure requires some know-how (it is not within everyone's reach, despite being well described in the post) and several hundred dollars of equipment, but it is easy to believe that criminals who target wallets (especially those of people commonly known to hold large amounts of money in cryptocurrencies) will soon be able to replicate the whole procedure easily.
Trezor has not yet responded on the issue. It is to be hoped, however, that it will soon find a solution to this flaw, since at that point users will presumably have to buy a new device if they want to maintain a high standard of security in the way they keep their coins.