Trezor Hack - Devices Are NOT SECURE - Private Key Can Be Extracted At StartupsteemCreated with Sketch.

in #trezor7 years ago

Trezor Hack 1.png

The Trezor hardware wallet is generally assumed to be one of the safest ways to hold your Bitcoin. Unfortunately, new information has emerged showing that may not be the case.

The short version is that the Trezor's RAM can be accessed at startup, giving anyone access to your wallet if they have your device for 15 seconds or more. Medium user "Doshay Zero404Cool" gives a much more in-depth overview at this link.

Suffice it to say, the outlook is not good:

Trezor Hack 2.png

Helpful Reddit user Tom Fyuri gives a brief TLDR here. He seems biased against Trezor, but given the situation that seems appropriate:

Trezor Hack 3.png

The bottom-line for everyone, however, is Trezor was never a good solution because of their non-proprietary setup. I personally believe the Ledger Nano S is a much better option and is not susceptible to this kind of hack. If you have funds in a Trezor, quickly locate a safer location for them and move them there. Ledger units have been back-ordered most of this year, so get your order in early if you want one.

Trezor Hack 4.png

Note: I am not affiliated with Ledger.

Sources: Reddit, Medium user "Doshay Zero404Cool", BuyBitcoinWorldwide

Sort:  

I never understood why people want to put the virtual money again in a physical shape. Wasn't it the goal of bitcoin to get rid of physical money in the first place? Just use a paper wallet with BIP38 encryption and go on.

Just use a paper wallet with BIP38 encryption and go on.

By far simplest and safest way to keep money on blockchain.

I never understood why people think that their virtual money will be safer with some company's con-trap-tion which will “guarantee” safety. Ridiculous.

Its always something too, once you think your coins are safe BOOM some shit like this comes out.

Paper is just about as physical a shape as a hardware wallet, IMO, and easier to lose.

The name is paperwallet you can just keep it digital in many copies in your private emails, google drive and SD cards.

Yeah keep your private key in your "private" mails and on your "private" google drive ROFL! You deserve to get your coins stolen for sure.

El dinero "virtual" no se pone de forma "fisica" al usar un hadware Wallet. Los hadware wallet nunca almacenan bitcoin o criptos, lo que almacenan en la semilla con la que firmamos las transacciones.

Damn that's screwed up! Good thing I didn't go with the trezor!

You have chosen...well.

Yikes! I almost ordered a trezor the other day because amazon had them available...glad I didn't pull the trigger.

I love my Nano S. Well worth it. I much prefer the styling too, not that that really matters, but it is very snazzy. Makes handling wallets fun.

I have one backordered on the Bitcoin Store. How do I get a refund now?


http://www.FlippyCoin.com is the #1 Cryptocurrency Exchange!

This article states that after a firmware update the issue is resolved. What bothers me is that it might take them more then 15 seconds and special firmware to crack the Trezor.

“This attack vector was fixed in firmware 1.5.2,” explains the Trezor employee Xbach. The claims in the post are not 100% correct. While it is true that this vulnerability affects devices with firmware versions earlier than 1.5.2, it was fixed in the latest update. Moreover, an attacker would need more than 15 seconds: they need to be physically present and a special firmware.”

Source: https://news.bitcoin.com/trezor-calls-an-article-that-claims-to-break-bitcoin-hardware-wallets-fud/

Do you think they might go for a more secure chip in the next models?

"Do you think they might go for a more secure chip in the next models?"

I hope so. I think that's necessary to compete with Ledger.

Great write up! Not too long and to the point. Stuff like this can become complicated fast.

You don't know how hard it is to keep these things short. I have a tendency to get wordy, and I must remember brevity is the real soul of wit...especially on Steemit.

I had to write an article about it to remind myself.

Dude, tell me about it! :D

Shall I knock on the door of the Trezor devs? I live nearby.

I doubt they'd appreciate further inquiry on this topic.

I speak Czech so being friendly too might help ;)

paper wallet is the most secure...and very easy to create

A good point to keep in mind. However, they are also a bit easier to lose/ruin IMO than a hardware wallet.

hmmm, makes me glad i have silver in the drawer (-:

Lol - Honestly I own more physical silver and gold than stocks and cryptos together :-) I love that stuff even I dont make much profits with that....

metals time will come, but it could be awhile yet

I used to like silver, but I got out on that epic pump to $49 and haven't really looked back.

It sure is pretty though...and heavy.

As I know they are going to provide an security update that prevents this in future. Anyways... save some money to order the Ledger Blue :-)

My understanding is that this is a chip-manufacture issue, so they would be unable to fix this without actually recalling wallets and replacing them. (unlikely)

Yikes I was just about to get myself one I am glad I did not now. Thank you

Happy to help! Check out the Nano S, I love it.

Wow! That is good to know! I was debating between a Ledger and Trezor instead of a paper wallet. Thanks!