A security research team at Kraken, a crypto exchange valued at $4 billion, has found a way to gain access to seeds from the widely used KeepKey hardware wallet.
The Kraken Security Labs team said that carrying out the attack requires specialized hardware and knowledge. With those, it takes less than 15 minutes to force access into the device and obtain the seeds of the crypto wallet.
“This attack relies on voltage glitching to extract your encrypted seed, which can require specialized hardware and knowledge. We estimate that a consumer-friendly glitching device could be created for about $75. We then crack your encrypted seed, which is protected by your 1-9 digit PIN, but is trivial to brute force,” the team said.
Why it’s a Serious Issue
The merit of a hardware wallet, as a secure device that stores crypto assets like bitcoin, is that even if a user loses the device, funds can be recovered with seeds.
However, according to Kraken, flaws within the microcontroller of a KeepKey device allow a hacker to retrieve the seeds contained in the device, leaving crypto assets stored in it at risk.
In short, if a hacker with specialized knowledge gains physical access to a KeepKey hardware wallet, the hacker can steal the crypto funds stored in the device.
“It is important to understand that if you physically lose your KeepKey this vulnerability could be used to access your crypto,” Kraken Security Labs said.
Security is Key For Crypto
For hackers to attempt to retrieve funds stored in a KeepKey wallet, they first need to have physical control over the device.
Hence, until KeepKey issues updates or implements major changes to resolve the reported vulnerability, users need to be extra cautious not to lose the device.