Bitcoin is a vulnerable asset. No matter how strong it seems to get, there is always some hacker out there looking to get their hands on BTC units they didn’t earn. Now, Kraken Security Labs – the cybersecurity firm of the San Francisco-based crypto exchange – has discovered a new way for cyberthieves to steal bitcoins, and it involves what has widely been considered one of the most secure wallets in the world.
Kraken Claims Trezor Is Dangerous
There is a serious problem that’s been found in the Trezor wallet that allows hackers to garner someone’s private keys in as little as 15 minutes. The worst news of all is that the problem cannot be fixed and that it arrives with each wallet, though there are ways users can protect themselves if they’re careful.
The best thing to do is garner a passphrase that’s not stored on the actual wallet itself. The company explained in a statement:
This passphrase is a bit clunky to use in practice but is not stored on the device, and therefore is a protection that prevents this attack. Trezor has known about these flaws since designing the wallets. This attack is very similar to our previous research against the Keep Key wallet, which is expected because the Keep Key is a derivative and all devices rely on the same family of chips.
It’s scary to think Trezor potentially knew about this flaw since the beginning – as Kraken has stated – and potentially did nothing about it. In addition, it appears the enterprise hasn’t done anything to warn its users about the flaw. Did they not know that people were this vulnerable, or did they just not care? Either way, people’s bitcoins have long been vulnerable to illicit interference, and the idea that this flaw is inherent makes the situation even more dangerous.
Trezor, at the time of writing, is acting like the problem is no big deal. In a recent statement, the wallet company explained that it’s still easy to keep one’s crypto secure using their devices. They said:
It’s important to note that this attack is viable only if the passphrase feature does not protect the device. A strong passphrase fully mitigates the possibilities of a successful attack.
The Flaw Can’t Be Helped
The company went on to say that carrying out an attack on a Trezor wallet is harder than it sounds, saying that a hacker would either need to remove the chip from the wallet itself or “attach connectors” to the wallet.
Kraken, however, tells a different story, claiming their researchers managed to break the encryption of a wallet in as little as two minutes. These are experienced researchers who work in the field of cybersecurity, thereby explaining the short period of time needed to do the deed, though they say experienced hackers likely wouldn’t be too far behind.