BSV
$52.6
Vol 29.41m
-0.39%
BTC
$94846
Vol 42998.03m
-2.38%
BCH
$442.28
Vol 305.75m
-2.58%
LTC
$98.9
Vol 736.09m
-2.13%
DOGE
$0.3
Vol 4355.53m
-4.11%
Getting your Trinity Audio player ready...

A group of security specialists have discovered that several popular cryptocurrency hardware wallets are vulnerable to compromise. The wallets have inherent weaknesses that could allow them to be attacked. The specialists have published their findings, but the manufacturers insist that there are no issues with the wallets.

The vulnerabilities, which could allow side-channel, supply-chain, microcontroller or firmware attacks, were identified by three researchers— Thomas Roth, Josh Datko and Dmitry Nedospasov. The researchers have designated the weaknesses as “wallet.fail” and assert that they are found in a number of hardware wallets, including the Trezor One, the Ledger Blue and the Ledger Nano S.

The trio demonstrated a proof of concept attack at the 35c3 conference held last month in Leipzig, Germany. They showed that the attacks can target firmware, software or hardware, as well as physical and architectural design flaws. According to the researchers, some vulnerabilities can only be countered by changing hardware or microcontrollers.

By installing a hardware implant that was combined with spyware into a device, the researchers will able to steal the PIN of the wallets. They were also able to load custom firmware, allowing them to create malicious transactions to send digital assets and to display fake transactions. Additionally, the researchers were able to steal PINs by intercepting radio signals and then flashing a separate device with special firmware that allowed them to gain access to the wallet’s private keys.

As is to be expected, the manufacturers have scoffed at the testing procedures used by the researchers, asserting that they weren’t very scientific. For its part, Ledger stated, “They did not succeed to extract any seed nor PIN on a stolen device. Every sensitive assets stored on the Secure Element remain secure. Don’t worry, your crypto assets are still secure on your Ledger device.”

Whether or not the testing was scientific, any possibility of a wallet being compromised should be seen as a threat and needs to be addressed appropriately. As with any device used to protect financial resources, hardware and software crypto wallets need to be tightly secured and users must ensure that they take all possible precautions to ensure that the wallets cannot fall into the wrong hands.

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
December 13, 2024
Advertisement
Advertisement
Advertisement