Cryptocurrencies exist purely in the digital space and this is how they are sold, transferred and spent. The advantage of this is that they are borderless and offer a great deal of convenience for consumers and merchants. The downside to this is that they are susceptible to theft in a way that fiat currency is not and as such, security is one of the most pressing issues within the crypto industry. This involves the security of cryptocurrency exchanges where crypto is bought and sold but also of wallets which is when most people store their cryptocurrency. As a result of this, major wallet providers are constantly touting the unhackable of their product and some even put bounties in a bid to find any possible glitches in the system.
According to a report by Kraken Security, the Trezor wallet and its derivatives are prone to a certain level of hacking through which private keys can be extracted.
While it is possible for the Trzor to be hacked, the Kraken team states that a certain process is involved. This involves at least 15 minutes of physical access to the wallet to do so. The first thing that is done is that the chip of the wallet is extracted and placed on a special device or a few critical connectors are worked on.
The chip then needs to be placed on a glitcher device that will send signals at certain intervals. These signals will then tamper with the internal security protocol that prevents the wallet from being read by external devices. This means that critical wallet parameters including the private keys can be read by the Hackers. The private key seats are encrypted but the Kraken team was able to brute force them within two minutes and review the key.
This error in design is located in the hardware of the wallet itself so the Kraken team states that this cannot be easily fixed unless Trezor recalls the wallets and fixes the issue on all of them. In the meantime, they have advised that individuals not allow anyone to have physical access to their wallets. The Trezor team, however, has minimized the issue and stated that the hacking of the wallet will require a very specialized device. Also, they say, the wallet would show visible signs of attack should this take place.