Cybersecurity firm hacks Trezor T wallet seed phrase

Cybersecurity firm hacks Trezor T wallet seed phrase

Cybersecurity startup Unciphered claims to have hacked into the Trezor T model hardware crypto wallet, showcasing the extraction of the wallet’s mnemonic seed phrase through a physical exploit that requires possession of the device.

Cyber­se­cu­ri­ty start­up Unci­phered states it was able to hack into our  trend­ing Tre­zor T mod­el hard­ware cryp­tocur­ren­cy wal­let man­u­fac­tured by Satoshi Labs.

In a YouTube demon­stra­tion, Unci­phered show­cased the appar­ent extrac­tion of the wallet’s mnemon­ic seed phrase, or pri­vate key, exploit­ing a hard­ware vul­ner­a­bil­i­ty that relies on phys­i­cal pos­ses­sion of the device.

This is not the 1st time Unci­phered has seem­ing­ly man­aged to retrieve seed phras­es from hard­ware wal­lets. In Feb­ru­ary, the com­pa­ny demon­strat­ed a sim­i­lar hack on a wal­let man­u­fac­tured by Hong Kong-based OneKey.

Hard­ware wal­lets, which store pri­vate keys offline and are designed to guard cryp­tocur­ren­cy assets, are tra­di­tion­al­ly con­sid­ered high­ly secure. Unci­phered stat­ed, on the oth­er hand, that the hard­ware secu­ri­ty mech­a­nisms of the Tre­zor T mod­el can be the­o­ret­i­cal­ly bypassed if a hack­er had a T wal­let in pos­ses­sion.

Apple Is Get­ting Into Cryp­to!

The type of exploit depict­ed by Unci­phered would only be fea­si­ble if the attack­er had phys­i­cal access to the hard­ware wal­let.

In the video, the Unci­phered team stat­ed it devel­oped an “in-house exploit” that allowed them to extract the wallet’s firmware. Eric Michaud, co- founder of Unci­phered, argued that by lever­ag­ing spe­cial­ized GPU chips, they were soon­er or  there­after able to crack the device’s pin seed phrase.

Physical possession required for exploit to succeed

We uploaded the firmware we extract­ed onto our high-per­for­mance com­put­ing crack­ing clus­ters,” Michaud stat­ed in the video. “We have about 10 GPUs, and after some time, we extract­ed the keys.”

DeFi Trad­ing Soars 444% Amid SEC Crack­down

Michaud fur­ther argued that fix­ing this exploit for Tre­zor T would must have a recall of all their prod­ucts.

Tre­zor did not instant­ly respond to a request for com­ment from The Block.

In an inter­view with Coin­Desk, Tre­zor acknowl­edged that Unciphered’s demon­stra­tion had sim­i­lar­i­ties with the Read Pro­tec­tion Down­grade (RDP) vul­ner­a­bil­i­ty real­ized  by Krak­en Secu­ri­ty Labs researchers that influ­enced both the Tre­zor 1 and Tre­zor Mod­el T. This  implies that the vul­ner­a­bil­i­ty is not new.

Tre­zor fur­ther made it clear that such attacks would require phys­i­cal theft of the hard­ware wal­let device.


Read Dis­claimer
This page is sim­ply meant to pro­vide infor­ma­tion. It does not con­sti­tute a direct offer to pur­chase or sell, a solic­i­ta­tion of an offer to buy or sell, or a sug­ges­tion or endorse­ment of any goods, ser­vices, or busi­ness­es. does not offer account­ing, tax, or legal advice. When using or rely­ing on any of the prod­ucts, ser­vices, or con­tent described in this arti­cle, nei­ther the firm nor the author is liable, direct­ly or indi­rect­ly, for any harm or loss that may result. Read more at Impor­tant Dis­claimers and at Risk Dis­claimers.

Follow us

Latest Crypto News

Share via
Share via
Send this to a friend