Many cryptocurrency owners have begun to use hardware wallets to enable two-factor authentication for their cryptocurrency. However, it's hard for any piece of technology to be truly secure, as one of the largest hardware wallet providers, Trezor, is learning. Kraken Security Labs, a security affiliate of the cryptocurrency exchange Kraken, has recently found a way to crack Trezor wallets' encrypted seeds using voltage glitching.
Hardware wallets work by storing the encrypted seed offline. This means that the hardware wallet must be connected to your internet-enabled device in order for your digital coins to be spent. Trezor stores this encrypted seed inside its wallets, where the owner can access it by entering the correct PIN. But because of a flaw in the STM32F205 and STM32F427 microcontrollers, Kraken Security Labs has found a way to access the encrypted seed without knowing the PIN.
Kraken Security Labs does this by using a voltage glitch attack. Given at least 15 minutes, they have proven that someone with physical access to your Trezor hardware wallet can both dump the non-volatile flash memory on the hardware wallet and retrieve the encrypted seed.
Currently, the only Trezor hardware wallets that have proven vulnerable are the Trezor One and Trezor Model T. If you have one of these devices, you can protect yourself against this vulnerability by enabling a BIP39 Passphrase with Trezor Client. Learn more about Trezor wallets and Kraken Security Labs by reading their writeup on this security vulnerability.
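Why the BIP39 passphrase helps, shown as an added example (not code from Trezor or Kraken Security Labs): BIP39 derives the wallet seed from the recovery words and the passphrase together, so the words alone reproduce the wallet only when no passphrase is set. It assumes the secret held on the device is the BIP39 recovery phrase and that the passphrase is kept off the device; the function `recoverable_from_device` is a hypothetical helper, and the mnemonic is the published BIP39 test vector, not a real wallet.

```python
import hashlib
import unicodedata

# Published BIP39 test vector (all-zero entropy, passphrase "TREZOR").
TEST_MNEMONIC = (
    "abandon abandon abandon abandon abandon abandon "
    "abandon abandon abandon abandon abandon about"
)
TEST_VECTOR_SEED = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def recoverable_from_device(stored_mnemonic: str, owner_passphrase: str) -> bool:
    """Hypothetical helper: do the device-held words alone yield the wallet seed?"""
    wallet_seed = bip39_seed(stored_mnemonic, owner_passphrase)
    # Someone holding only the device contents can derive with an empty passphrase.
    return bip39_seed(stored_mnemonic) == wallet_seed


if __name__ == "__main__":
    # Sanity check of the derivation against the published vector.
    assert bip39_seed(TEST_MNEMONIC, "TREZOR").hex() == TEST_VECTOR_SEED
    for label, passphrase in (("no passphrase", ""), ("passphrase set", "TREZOR")):
        exposed = recoverable_from_device(TEST_MNEMONIC, passphrase)
        print(f"{label}: wallet seed recoverable from device contents = {exposed}")
```

Every passphrase, including a wrong one, produces a valid 64-byte seed, so the derivation gives no signal about which passphrase is correct; the protection is only as strong as the passphrase itself.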