Crypto Wallet: In a recent development, US-based cybersecurity firm Unciphered has announced a successful hack into a Trezor T hardware crypto wallet by exploiting a hardware vulnerability. This breach of the popular hardware wallet was only achievable through physical access to the device using specialized tools.
Unciphered, known for recovering locked cryptocurrencies in cases of lost or forgotten passphrases, utilized their own “in-house exploit” method to extract the wallet’s firmware. By doing so, they were able to crack the required pin code and seed phrase, ultimately gaining access to the funds stored on the device.
Trezor T, manufactured by Czech Republic-based company Satoshi Labs, is widely recognized as one of the leading crypto hardware wallets on the market today. Unciphered has documented the entire process of extracting the seed phrase from the Trezor T on YouTube.
Upon news of the hack, members of the crypto community on Twitter were quick to highlight a similar hack carried out in 2019 by experts at hardware wallet maker Ledger. However, Unciphered claims that Trezor has already addressed the previous vulnerability, and no one has hacked the updated version of the hardware wallet with its new firmware.
Twitter users took this opportunity to question the advice given last week, suggesting a move from Ledger hardware wallets to Trezor due to concerns regarding Ledger’s optional “Recover” program.
In response to the hack, Trezor’s Chief Technology Officer, Tomáš Sušánka, stated that the attack appears to be an RDP downgrade vulnerability. He further explained that this vulnerability was communicated on the company’s blog in early 2020 and emphasized that such attacks require physical theft of the device, as well as extensive technological knowledge and advanced equipment.
In conclusion, the successful hack of the Trezor T hardware crypto wallet raises concerns about the security of even well-regarded hardware wallets. Users are advised to remain vigilant, utilize strong passphrases, and keep their devices up to date. The development highlights the ongoing need for robust security measures within the cryptocurrency ecosystem.