Even though cryptocurrency firms and exchange platforms continue to create measures that tighten their security and reduce the likelihood of a breach, it would seem like nothing will ever permanently remove the risk. According to Kraken Security Labs, Trezor’s hardware wallet has a terrible flaw that will give a hacker access to funds held in less than 15 minutes.
A Few Details From Kraken
According to an official Kraken publication, the Trezor One and Tezor Model T wallets can easily be breached using thorough voltage glitching. Kraken states that even though initial research required some technical expertise and relatively pricey equipment, a much cheaper glitching device costing only $75 can easily be used to achieve the same results.
The hack requires the criminals to connect the hardware to this voltage glitching equipment. From here, hackers gain access to the wallet’s encrypted seed which Kraken specifies has little to no protection against brute force.
The publication further says that this process exploits “inherent flaws” that Trezor microcontrollers have. In simple terms, Trezor will probably be unable to fix the vulnerability remotely. The only way would be for the wallet to be redesigned, requiring all current Trezor wallet owners to buy new ones.
Trezor has published an official response to Kraken’s blog post. Trezor does not seem to dismiss the possibility of a hack, and actually admits that “all hardware is hackable and the question about physical attacks is not if they will happen, but when they will happen.” The company, however, states that regardless, less than 6% of all crypto holders are actually concerned about the possibility of a physical attack.
Firstly, it would go without saying that holders are to make sure that their wallets never get into the wrong hands. But even with that, Trezor suggests that the hack might not be as straightforward as portrayed because the hacker would require “specially designed hardware.”
In addition to this, Trezor says the remote possibility of a physical hack is the reason the Passphrase feature was created in the first place. The feature, when used, does not allow any access without first imputing the passphrase. Trezor says that the feature is an “exceptionally secure layer of active protection” that will make the wallet “impenetrable” if properly used.
Trezor, however, warns that if not used properly, holders could lose their funds.