Crypto enthusiasts regard hardware wallets as among the best ways to safeguard digital assets from theft. Yet such devices have drawbacks.<\/p>\n
In a joint piece with Mixer.money<\/a>, we examine the security model of the most popular hardware wallets \u2014 Trezor and Ledger. We also explain what to do in case of a compromise or attack on the device.<\/p>\n Trezor and Ledger are essentially USB sticks with specialized software and microcontrollers for encrypting information. The mechanism of their operation can be described as follows:<\/p>\n Hardware wallets are protected against the most common hacker attacks:<\/p>\n Despite these measures, attackers still find ways to access the private key.<\/p>\n The maker of the Trezor wallets, SatoshiLabs opened<\/a> the source code of the devices so that white-hat hackers could help in hunting for wallet vulnerabilities.<\/p>\n In 2020, Joe Grand took advantage of<\/a> a bug in the Trezor Model One controller and regained access for a user who had forgotten their PIN. To do this, he repeatedly rebooted the wallet and fed the controller a carefully calculated voltage to fool the security system.<\/p>\n In May 2023, Unciphered, a company specializing in wallet recovery, announced<\/a> a breach of the Trezor Model T. Its staff turned to a hardware vulnerability in the STM32 controller to copy data to a computer and extract the seed phrase.<\/p>\n SatoshiLabs said that exploiting these vulnerabilities requires physical access to the device, specialized knowledge and expensive equipment. Partly true: breaking into the Trezor One took Joe Grand three months.<\/p>\n The Ledger manufacturer does not disclose the firmware source code. The wallets run on the BOLOS operating system, which does not permit a memory dump even when directly connected to the chips. Since the company\u2019s founding in 2014 there has been no publicly confirmed Ledger wallet breach.<\/p>\n In May 2023, the company announced<\/a> the Ledger Recover wallet-recovery service: the user goes through Know Your Customer (KYC), and Ledger splits the seed phrase into three encrypted fragments and sends them to trusted custodians in France, the United Kingdom and the United States. If the device is lost, the owner can verify their identity, obtain the fragments and restore access to the wallet.<\/p>\n The feature drew<\/a> criticism in the community: the existence of such a function suggests Ledger could extract the seed phrase without the wallet owner\u2019s knowledge.<\/p>\n In 2020, the network leaked<\/a> Ledger\u2019s customer database, and a year later, information about Trezor users appeared<\/a> for sale.<\/p>\n Attackers used<\/a> names, addresses and contacts of customers to hunt whales \u2014 sending personalized phishing emails on behalf of Ledger or Trezor support.<\/p>\n In both cases the leaks occurred due to third-party online retailers. Purchases through intermediaries pose another risk: resellers could sell<\/a> backdoored devices to obtain private keys.<\/p>\n Despite the potential threats, hardware wallets remain among the safest solutions for storing cryptocurrency.<\/p>\n To reduce the risks of theft and losing access to digital assets, follow a few rules:<\/p>\n If the device is lost, recover access with the seed phrase, and then send the cryptocurrency to new addresses.<\/p>\nWhy the community regards hardware wallets as secure<\/h2>\n
\n
\n
Vulnerabilities in Trezor controllers<\/h2>\n
Potential vulnerability of Ledger wallets<\/h2>\n
Other hardware-wallet vulnerabilities<\/h2>\n
How to protect funds on hardware wallets<\/h2>\n
\n