Trezor has responded to the latest ‘revelation’ that their wallets can be hacked by saying that a strong password will negate the threat. Kraken Security Labs managed to crack the security on a Trezor wallet and get into it, but Trezor has reacted calmly to the news, stating that such an attack is so remote it is hardly viable in the real world.
Kraken Opens up the Trezor Chest
Kraken posted a video and a blog post on Friday which described how their security experts had exploited a “critical flaw” in Trezor’s series of hardware wallets and extracted the seed phrase using a process called voltage glitching.
The post explained how, with just 15 minutes’ physical access to the wallet and $75 worth of computer equipment, they were able to crack the encrypted seed and gain access to the wallet. They also claim they informed Trezor of the exploit back in October of last year, but Trezor’s lack of response has forced them to go public.
Kraken Exposes Physical Design Flaws
The Kraken team goes into heavily technical detail to explain how they managed to hack into the wallet, which for obvious reasons we won’t do here, save to say that it involves taking advantage of “inherent flaws within the microcontroller”.
Kraken adds that the method is very similar to the one it used to hack KeepKey wallets in December last year, stating that they were able to exploit Trezor’s security features despite the company having “implemented significant mitigations against a variety of previous hardware attacks”. This is not the first time Trezor wallets have been exploited in such a way, with Ledger security experts demonstrating how they managed to break into Trezor wallets in March last year.
Strong Passphrase “Fully Mitigates Threat”
Trezor responded the very same day with a rebuttal to Kraken’s findings, stating in a blog post that such an attack would require “specialized hardware, knowledge, and physical access” to the wallet, and, crucially, that “a strong passphrase fully mitigates the possibilities of a successful attack.”
Trezor also goes to some lengths to explain that different “threat levels” exist with different wallet types, and that for most people the threat is a hack of their crypto wallet through online methods, be it an exchange hack or a remote hack of their wallet.
Trezor cites its own research, which states that only 6% of people are worried about physical attacks on their wallet, given the unlikely nature of such an event: the odds of a suitably sophisticated hacker getting his hands on the right wallet type are extremely low.
Keep it Safe and Have a Strong Password
While Kraken’s successful hack on the Trezor wallet is proof that no crypto wallet is one hundred percent foolproof, it also shows the lengths an attacker must go to in order to carry out a physical hack. Keeping your wallet safe and making sure it has a strong passphrase will more or less ensure that your funds will remain safe for years to come.