Kraken researchers cracked two hardware crypto wallets in 15 minutes

By: Ali Raza
Ali Raza
Ali plays a key role in the cryptocurrency news team. He loves travelling during his spare time and enjoys… read more.
on Feb 1, 2020
Updated: Mar 11, 2020
  • Security researchers from a crypto exchange Kraken recently discovered a glitch that allowed them to crack two crypto wallets in 15 minutes.
  • Both wallets are hardware wallets, made by Trezor, and the flaw allowed researchers to retrieve their encrypted seed phrases.
  • Kraken has notified Trezor after the flaw was discovered and allowed it time to resolve the issue while preparing solutions for those who already own flawed devices.

Cryptocurrency wallets are the safest place for coin users to store their funds. However, some wallets are supposed to be safer than others, with hardware wallets being at the very top due to their strong security, and the fact that they do not have a constant connection to the internet.

With that in mind, it was quite surprising for a lot of people when security researchers at the crypto exchange Kraken announced that they managed to crack two very popular crypto wallets in only 15 minutes. Both wallets were designed by Trezor, and they include Trezor One and Trezor Model T.

Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.

According to researchers, they managed to crack the wallets by exploiting a hardware glitch that the devices were created with. This means that any hacker who manages to gain physical access to someone’s wallets could extract the encrypted seed phrase that protects the users’ cryptos — provided that he has enough skill. As a result, they would gain full access to the device, and all the money stored within.

Is there a way to protect your funds?

In addition to revealing the wallets’ flaws, Kraken also offered two immediate solutions. The first one is rather obvious, and it revolves around not allowing anyone to gain physical access to the device. This implies keeping the wallet in a safe place where no one can easily find it.

The second solution would be to enable BIP39 Passphrase with the Trezor Client. Kraken admits that the passphrase is clunky and not efficient for practical use, but it is stored outside of the device, which means that no one can exploit the glitch to get it.

Even so, the majority of Trezor wallet users are likely not in any danger, as robbing them of their coins requires that the hacker gains physical access to the device, as well as for them to have sophisticated knowledge and expensive equipment. An experienced hacker could do it, provided that they could replicate the tools with materials that would cost around $75.

The flaw was allegedly discovered in October last year, but the researchers kept it under the radar in order to allow Trezor to fix the issue.

Invest in crypto, stocks, ETFs & more in minutes with our preferred broker, eToro
10/10
67% of retail CFD accounts lose money