Trezor Hack - Devices Are NOT SECURE - Private Key Can Be Extracted At Startup

in #trezor7 years ago

Trezor Hack 1.png

The Trezor hardware wallet is generally assumed to be one of the safest ways to hold your Bitcoin. Unfortunately, new information has emerged showing that may not be the case.

The short version is that the Trezor's RAM can be accessed at startup, giving anyone access to your wallet if they have your device for 15 seconds or more. Medium user "Doshay Zero404Cool" gives a much more in-depth overview at this link.

Suffice it to say, the outlook is not good:

Trezor Hack 2.png

Helpful Reddit user Tom Fyuri gives a brief TLDR here. He seems biased against Trezor, but given the situation that seems appropriate:

Trezor Hack 3.png

The bottom-line for everyone, however, is Trezor was never a good solution because of their non-proprietary setup. I personally believe the Ledger Nano S is a much better option and is not susceptible to this kind of hack. If you have funds in a Trezor, quickly locate a safer location for them and move them there. Ledger units have been back-ordered most of this year, so get your order in early if you want one.

Trezor Hack 4.png

Note: I am not affiliated with Ledger.

Sources: Reddit, Medium user "Doshay Zero404Cool", BuyBitcoinWorldwide

Sort:  

I never understood why people want to put the virtual money again in a physical shape. Wasn't it the goal of bitcoin to get rid of physical money in the first place? Just use a paper wallet with BIP38 encryption and go on.

Just use a paper wallet with BIP38 encryption and go on.

By far simplest and safest way to keep money on blockchain.

I never understood why people think that their virtual money will be safer with some company's con-trap-tion which will “guarantee” safety. Ridiculous.

Its always something too, once you think your coins are safe BOOM some shit like this comes out.

Paper is just about as physical a shape as a hardware wallet, IMO, and easier to lose.

The name is paperwallet you can just keep it digital in many copies in your private emails, google drive and SD cards.

Yeah keep your private key in your "private" mails and on your "private" google drive ROFL! You deserve to get your coins stolen for sure.

El dinero "virtual" no se pone de forma "fisica" al usar un hadware Wallet. Los hadware wallet nunca almacenan bitcoin o criptos, lo que almacenan en la semilla con la que firmamos las transacciones.

Damn that's screwed up! Good thing I didn't go with the trezor!

You have chosen...well.

Yikes! I almost ordered a trezor the other day because amazon had them available...glad I didn't pull the trigger.

I love my Nano S. Well worth it. I much prefer the styling too, not that that really matters, but it is very snazzy. Makes handling wallets fun.

 7 years ago  Reveal Comment

This article states that after a firmware update the issue is resolved. What bothers me is that it might take them more then 15 seconds and special firmware to crack the Trezor.

“This attack vector was fixed in firmware 1.5.2,” explains the Trezor employee Xbach. The claims in the post are not 100% correct. While it is true that this vulnerability affects devices with firmware versions earlier than 1.5.2, it was fixed in the latest update. Moreover, an attacker would need more than 15 seconds: they need to be physically present and a special firmware.”

Source: https://news.bitcoin.com/trezor-calls-an-article-that-claims-to-break-bitcoin-hardware-wallets-fud/

Do you think they might go for a more secure chip in the next models?

"Do you think they might go for a more secure chip in the next models?"

I hope so. I think that's necessary to compete with Ledger.

Great write up! Not too long and to the point. Stuff like this can become complicated fast.

You don't know how hard it is to keep these things short. I have a tendency to get wordy, and I must remember brevity is the real soul of wit...especially on Steemit.

I had to write an article about it to remind myself.

Dude, tell me about it! :D

Shall I knock on the door of the Trezor devs? I live nearby.

I doubt they'd appreciate further inquiry on this topic.

I speak Czech so being friendly too might help ;)

paper wallet is the most secure...and very easy to create

A good point to keep in mind. However, they are also a bit easier to lose/ruin IMO than a hardware wallet.

hmmm, makes me glad i have silver in the drawer (-:

Lol - Honestly I own more physical silver and gold than stocks and cryptos together :-) I love that stuff even I dont make much profits with that....

metals time will come, but it could be awhile yet

I used to like silver, but I got out on that epic pump to $49 and haven't really looked back.

It sure is pretty though...and heavy.

As I know they are going to provide an security update that prevents this in future. Anyways... save some money to order the Ledger Blue :-)

My understanding is that this is a chip-manufacture issue, so they would be unable to fix this without actually recalling wallets and replacing them. (unlikely)

Yikes I was just about to get myself one I am glad I did not now. Thank you

Happy to help! Check out the Nano S, I love it.

Wow! That is good to know! I was debating between a Ledger and Trezor instead of a paper wallet. Thanks!

Time to upgrade my Ledger Nano to a Nano S

I have never used the Nano, but I love my Nano S.

I think the reason I got the Nano S initially was because of additional currency support.

Digital Bitbox also is a killer unit. doubles as a U2F, and it's a high security monster.

Nice, I hadn't heard of that one! The Ledger Nano also has the Fido u2f option, but I haven't used it.

Should I cancel my order?

If you can still get a full refund, I would.

@lexiconical I thought Trezor was the shit...If we follow Moore's Law, the next thing would be the blockchain hack, as we add more layers to it, we also provide further windows for hackers...

I too am slightly worried about a quantum computing black swan, or something to that effect. It's going to be a crazy decade.

definitely, as we progress into a digital age, cyber security gonna be important very important. Quantum gonna prove which technology is truly revolutionary, difficulty should be a thing of past, but we see how things go

Hopefully quantum computing doesn't crack all our wallets.

hopefully we advance up to that level because the guys that figure out the loops gonna play the system like a game

No way! Just when you think you are safe...

Today Trezor is unsafe and who knows tomorrow Ledger Nano S would become unsafe, but till then one can go on with you.

Almost anything is possible. However, the Ledger is more resistant to this sort of issue, as I noted above, and costs a similar amount.

The only safe option is paper wallet but it has natural threat!

Yep, there is never a 100% secure option for anything.

Paper wallets are always your best choice. Keep the safe!

Always something... sheesh.

This post is Such an Eye-Opener.

I am still get one , the price should go down and for this new world of crypto u don't want to just have one hard wallet . That just in case wallet

I doubt they'll lower the price. I'd still suggest a Nano S instead.

Seria intersante hacer una actualizacion de este articulo, La vulnerabilidad, "la cual se daba, si o solo si el atacante tenia acceso fisicamente al dispositivo". Igualmente el Equipo de desarrollo actuó rapidamente y la corrigió. Trezor es una excelente Wallet y mejor aun la version T