Investing

Security Firm Unciphered Posts a Video Showing a Hack of Trezor T Wallet

PeopleImages / iStock via Getty Images

Unciphered, a cybersecurity firm specializing in cryptocurrency recovery, posted a video in which it claims to be able to extract the seed phrase from Satoshi Labs’ Trezor T hardware wallet. The hack, however, requires both the physical possession of the wallet and specialized equipment.

Unciphered Showcases New Vulnerability of Trezor T Hardware Wallet

This Wednesday, a cybersecurity firm called Unciphered posted a video in which it claims to showcase a successful hack of Satoshi Labs’ Trezor T wallet. In the video, the company dismantles the hardware before successfully extracting the mnemonic seed phrase.

Unciphered also claims that there is no way to fix the vulnerability used for the hack other than a recall of all Trezor T wallets. The hack, however, requires the physical possession of the hardware wallet, as well as a set of specialized tools.

The demonstration sparked some speculation that Unciphered merely rediscovered a vulnerability that has been known for years, but the company denied it stating that said issue was patched in 2019. According to the firm, the vulnerability, as well as the method to exploit it have been developed “in-house”.

Hardware Wallet Security Increasingly In Question

Considering that they are designed to keep cryptocurrencies and access codes away from the internet—and, by extension, away from would-be thieves—hardware wallets have long been considered among the safest ways to store digital assets. This reputation even saw them surge in popularity as investors fled from major centralized cryptocurrency firms in the immediate aftermath of the collapse of FTX.

Recent weeks have, however, put a dent in hardware wallets’ reputation for safety. The most high-profile event that caused the new trend has been the announcement of Ledger’s new feature—Ledger Recover. The new feature coming from one of the largest hardware wallet companies sparked fears that they may ultimately have critical vulnerabilities and enable thieves to access investors’ cryptocurrency.

The issue was further compounded by Ledger’s dubious response to the crisis which caused even greater backlash and even forced Ledger to postpone the release of the new feature. Most similar companies promised more transparency to the public in response to the developing crisis.

This article originally appeared on The Tokenist

 

Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.