Cybersecurity startup Unciphered says it was able to hack into the popular Trezor T model hardware cryptocurrency wallet manufactured by Satoshi Labs.
In a YouTube demonstration, Unciphered showcased the apparent extraction of the wallet’s mnemonic seed phrase, or private key, exploiting a hardware vulnerability that relies on physical possession of the device.
This is not the first time Unciphered has seemingly managed to retrieve seed phrases from hardware wallets. In February, the company demonstrated a similar hack on a wallet manufactured by Hong Kong-based OneKey.
Hardware wallets, which store private keys offline and are designed to guard cryptocurrency assets, are traditionally considered highly secure. Unciphered stated, however, that the hardware security mechanisms of the Trezor T model can theoretically be bypassed if a hacker has a T wallet in their possession.
The type of exploit depicted by Unciphered would only be feasible if the attacker had physical access to the hardware wallet.
In the video, the Unciphered team stated it developed an “in-house exploit” that allowed them to extract the wallet’s firmware. Eric Michaud, co-founder of Unciphered, said that by leveraging specialized GPU chips, they were eventually able to crack the device’s PIN seed phrase.
Physical possession required for exploit to succeed
“We uploaded the firmware we extracted onto our high-performance computing cracking clusters,” Michaud stated in the video. “We have about 10 GPUs, and after some time, we extracted the keys.”
Michaud further argued that fixing this exploit for the Trezor T would require a recall of all their products.
Trezor did not immediately respond to a request for comment from The Block.
In an interview with CoinDesk, Trezor acknowledged that Unciphered’s demonstration had similarities with the Read Protection Downgrade (RDP) vulnerability discovered by Kraken Security Labs researchers that affected both the Trezor 1 and Trezor Model T. This implies that the vulnerability is not new.
Trezor further made it clear that such attacks would require physical theft of the hardware wallet device.