In brief
- An audit by the Ledger Donjon team found a hardware vulnerability relating to Trezor’s TROPIC01 Secure Element chip.
- The attack could reveal one of three “secrets” that protect a users PIN, reducing the wallet’s original three layers of protection down to two.
- For the exploit to take place, the attacker must physically possess the wallet, disassemble it, and use specialized lab equipment.
Trezor has revealed a vulnerability in its flagship Safe 7 hardware wallet, but affirms that user funds “remain protected” due to the nature of the exploit.
The vulnerability was uncovered during an independent security audit by the Ledger Donjon team, which reported a successful “laser fault injection attack” against the TROPIC01 Secure Element chip. It enables an attacker to extract one of three “secrets” that protect a user’s PIN, effectively reducing three layers of protection to two.
“The vulnerability concerns only the TROPIC01 Secure Element chip, one of three physical, independent security layers. Compromising TROPIC01 alone is not enough to give access to the PIN, which is the final layer of protection for your funds,” the Trezor blog states. “It also cannot result in tampered Trezor Safe 7 devices with persistent malicious firmware.”
It’s worth noting that Trezor says that such an attack requires physical possession of the hardware wallet, for the attacker to disassemble it, and for specialized lab equipment to be used. As such, Trezor still calls the TROPIC01 chip an “effective barrier” of protection which “requires significant time and effort to exploit,” adding that “users’ funds remain safe.”
Blockchain security firm Cyvers echoed Trezor’s assessment that user funds are “safe,” telling Decrypt that the attack appears “highly impractical.”
Hardware wallets, otherwise known as “cold” wallets, store private keys offline on a physical device. This is in contrast to hot wallets, like MetaMask, which store the user’s keys on locally installed software or on cloud-based servers. In the case of the Trezor Safe 7 wallet, the blog post says that the user’s keys are fortunately not stored in the TROPIC01 chip.
Unfortunately, due to the vulnerability being hardware-based, the exploit cannot be patched with a firmware update. Trezor did not immediately respond to Decrypt‘s request for comment on whether it will accept refund requests from customers.
“Hardware wallet security should not be evaluated only by whether a chip can eventually be attacked in a lab,” Deddy Lavid, CEO of Cyvers, told Decrypt. “For most users, the much larger risk is still phishing, seed phrase theft, malicious dApps, and blind-signing transactions they do not fully understand.”
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Freedom Index
