Trezor Disputes Report On Vulnerabilities In Its Cryptocurrency Wallets
Ledger, a manufacturer of hardware cryptocurrency wallets, presented a report on vulnerabilities detected in Trezor’s devices. On March 12, Trezor representatives published an article in which they responded to the results of the Ledger study and reported the deficiencies that had been corrected.
The March 10 Ledger report states that Trezor crypto wallets are vulnerable to 5 types of attacks:
- supply chain attack;
- attack on the device software;
- side-channel attack to gain access to the PIN code;
- side-channel attack on scalar multiplication;
- attack on microchip.
Trezor staff reported that none of the above types of attacks can be carried out remotely: to perform them, an attacker must have access to the device, special equipment, time and technical knowledge. According to research by the Binance cryptocurrency exchange, only 5.93% of digital asset owners fear physical attacks on crypto, while 66% believe that the main threat comes from remote attacks on devices. That is why Trezor experts are sure that Ledger intentionally exaggerates in its report.
The Trezor publication states that the main goal of the hardware wallet is to protect the crypto storage from computer malware and remote attacks. Moreover, representatives of the company believe that the device can be secured against any physical attack with the help of a passphrase and basic operational security principles (for example, do not connect the cryptocurrency wallet to a computer in a public place).
Trezor representatives commented separately on each vulnerability found:
- Attacking the supply chain is a problem inherent in any equipment, regardless of the security level of the device itself. Hardware cryptocurrency wallets can be modified at each stage of transportation, so this vulnerability cannot be ruled out with 100% certainty. However, the likelihood of such an attack on Trezor devices is extremely low, because the company carefully controls the production and delivery of products.
- The attack on the software of Trezor devices cannot be performed in practice. The company tested the program code of the wallets and found only 2 vulnerabilities that could not be exploited by hackers. Trezor eliminated these shortcomings and proved the high security level of the code.
- The possibility of a side-channel attack to gain access to the PIN code was eliminated after installing the patch 1.8.0 for Trezor One and 2.1.0 for Trezor Model T. The developers changed the way the PIN code was stored, so this type of attack no longer threatens wallet users.
- A side-channel attack on scalar multiplication can be carried out if the attacker knows the PIN code and passphrase, and also has physical access to the wallet. In this case, it is easier for a person to transfer money from the device than to hack it using a side-channel attack.
- Absolutely any microchip is vulnerable to certain attacks that can be performed with the help of laboratory equipment for manipulating microelectronics. No microchip manufacturer can guarantee full protection against hacking.
In conclusion, Trezor staff reported that there is not a single hardware wallet with 100% protection against hacking. However, device owners can reduce the likelihood of attacks on cryptocurrency wallets. The passphrase reliably protects against theft of digital assets as a result of loss or theft of the device, and you can protect yourself against digital threats by observing basic rules: do not connect the cryptocurrency wallet to someone else's computer and do not use the device in a public place.