SVET Reports
Kraken Trezor crack
Yesterday, January 31, the Kraken blog published the following announcement: "Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T."
It is followed by a fairly meticulous report on exactly how it was done: "Our attack begins by re-enabling the integrated bootloader (which, basically, writes, reads and erases the program flash memory that holds the application code) of the processor using a fault-injection attack (simply put, physically monkeying with error-handling code paths). ... By repeating the attack it is possible to extract all of the flash contents. Additionally, ... we developed a script to crack the PIN of the dumped device."
Then the Kraken hackers threaten: "we estimate that we (or criminals) could mass produce a consumer-friendly glitching device that could be sold for about $75."
... and advise: 1) "Do not allow anyone physical access to your Trezor wallet"; 2) "Enable Your BIP39 Passphrase with the Trezor Client".
What can I say? Nihil adeo sempiternum est: omnia eveniunt et mutant.
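Why the second recommendation above helps against a flash dump, as an added example (not code from Kraken or Trezor): under the BIP39 standard the passphrase is mixed into the seed derivation as part of the PBKDF2 salt, and it is entered at use time rather than stored on the device. The function names and the sample mnemonic and passphrases below are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the public all-"abandon" BIP39 test mnemonic.
# It is known to everyone; never use it for a real wallet.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed.

    BIP39 defines the seed as PBKDF2-HMAC-SHA512 over the mnemonic
    sentence, salted with the string "mnemonic" + passphrase,
    with 2048 iterations. Both inputs are NFKD-normalized UTF-8.
    (Checksum validation of the mnemonic is out of scope here.)
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def opens_same_wallet(mnemonic: str, real_passphrase: str, guess: str) -> bool:
    """True only if `guess` yields the same seed as the real passphrase."""
    return hmac.compare_digest(
        bip39_seed(mnemonic, real_passphrase),
        bip39_seed(mnemonic, guess),
    )


if __name__ == "__main__":
    # What the device holds: the mnemonic. What it does not hold: the passphrase.
    owner_passphrase = "correct horse battery staple"  # constructed sample
    print("no passphrase  :", bip39_seed(SAMPLE_MNEMONIC).hex()[:16], "...")
    print("with passphrase:",
          bip39_seed(SAMPLE_MNEMONIC, owner_passphrase).hex()[:16], "...")
    # The mnemonic alone leads to a different, empty wallet.
    print("mnemonic alone opens funded wallet:",
          opens_same_wallet(SAMPLE_MNEMONIC, owner_passphrase, ""))
```

Each passphrase guess costs only 2048 HMAC-SHA512 rounds, so the protection is only as strong as the passphrase itself; a short or common one can still be guessed offline.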