The recent claim by US-based cybersecurity firm Unciphered about a successful breach of the popular Trezor T hardware crypto wallet has generated mixed responses in the cryptocurrency community. Unciphered, which specializes in recovering locked crypto in cases where passphrases are lost or forgotten, said they used their own “in-house exploit” method that allowed them to extract the wallet’s firmware, enabling them to crack the necessary pin code and seed phrase to gain access to the funds stored on the device. It should be noted that this breach was possible only due to a hardware vulnerability, requiring physical possession of the device and advanced tools and knowledge.
The Trezor T is a widely-used crypto hardware wallet, manufactured by the Czech Republic-based company Satoshi Labs. Following the news of the hack, crypto community members on Twitter were quick to point out that a similar breach was conducted by experts at the hardware wallet maker Ledger back in 2019. Among those who noticed the similarities was Rodolfo Novak, a Bitcoin community veteran and CEO of Bitcoin hardware wallet maker Coinkite.
Unciphered, however, stated that the previous vulnerability had already been addressed by Trezor, and that no other attempts have successfully hacked the updated version of the hardware wallet with its new firmware. This revelation led to further discussions on Twitter, with some users questioning the recent advice to move funds from Ledger hardware wallets to Trezor due to concerns related to Ledger’s new – and optional – “Recover” program. Crypto influencer Udi Wertheimer chimed in, recommending that users ensure their passphrase is strong and the device is up to date if they decide to continue using a Trezor device.
In response to the news of the hack, Trezor’s Chief Technology Officer Tomáš Sušánka acknowledged the breach in a media statement and informed that the attack appears to be a vulnerability called an RDP downgrade attack. Sušánka stated that this issue was addressed on the company’s blog in early 2020. He further emphasized that these types of attacks require not only physical theft of a device but also extremely sophisticated technological knowledge and advanced equipment.
The key takeaways from this event raise crucial questions about hardware wallet security for crypto enthusiasts. While there is an obvious risk associated with storing digital assets on hardware wallets, utmost caution must be exercised in terms of protection measures and keeping the device and its firmware up-to-date. Moreover, the need for strong passphrases becomes even more important, further emphasizing the responsibility of individual users in ensuring the safety of their digital assets.
Source: Cryptonews