Hardware Wallet Flaw Lets Attackers Hold Crypto for Ransom Without Touching Device

A hypothetical man-in-the-middle attack would have allowed an attacker to hold users’ crypto for ransom on Trezor and KeepKey hardware wallets.

Sep 2, 2020 at 8:15 p.m. UTC
Updated Aug 19, 2021 at 4:07 a.m. UTC


A recently disclosed vulnerability in two popular hardware wallets would have allowed attackers to hold users’ cryptocurrency for ransom without going anywhere near the device.

  • ShiftCrypto, the Swiss company that manufactures the BitBox hardware wallet, has disclosed a potential man-in-the-middle ransom attack vector on the rival Trezor and KeepKey hardware wallets.
  • A ShiftCrypto developer known as Marko discovered the vulnerability in the spring of 2020 and notified the Trezor and KeepKey teams in April and May respectively. A Trezor representative confirmed to CoinDesk that the attack "is only theoretical and has never been performed in practice."
  • ShiftCrypto did not suggest the attack had been carried out, only that an attack was possible.
  • Trezor has patched the vulnerability for its Model One and Model T hardware wallets. KeepKey (which is a fork, or copy, of Trezor and so runs near-identical code) has not made a fix, according to the ShiftCrypto team, who said the manufacturer cited “higher priority items” as the reason. CoinDesk reached out to KeepKey to ask the team why they deemed the attack vector low priority but did not receive a response by press time.
  • The hypothetical attack involves the optional passphrase that Trezor and KeepKey users can set in addition to the usual PIN code. The passphrase is combined with the device's seed to derive a separate, hidden wallet, so the same seed with a different passphrase yields an entirely different set of addresses. Both hardware wallets require a USB connection with a computer or mobile device to manage accounts, and the passphrase is typed on that host machine and sent over the USB link to the wallet.
  • The problem is that neither Trezor nor KeepKey gave the user any way to verify the passphrase the wallet actually received. Verification would require displaying the passphrase on the wallet’s own screen so the user could confirm it matched what they typed on the computer.
  • Without this safeguard in place, a man-in-the-middle attacker who controls the host (for example, through malware on the computer) could silently replace the passphrase on its way to the wallet with one of the attacker's choosing. The user would be none the wiser, since he or she could not check that the passphrase the device used matched the one entered on the computer screen.
  • Upon inputting the usual passphrase, the user would see the hardware wallet’s interface open on the computer as normal. Every address it generated, however, would be derived from the attacker's substituted passphrase. Funds sent to those addresses are only spendable with that substituted passphrase, so once the attack stopped and the user unlocked the wallet with the real passphrase, the funds would be missing from the wallet the user expected to see.
  • The attacker, however, could not spend from these addresses either, because they are still derived from the wallet’s seed phrase, which never leaves the device; the attacker holds only the passphrase half of the secret. The funds can therefore only be held for ransom: the user needs the attacker's passphrase to reach them again, while the attacker would need the seed phrase or physical access to the device to take them.
  • This ransom attack could be executed against many users at once, and multiple cryptocurrencies held on the same seed could be taken hostage at the same time, since the passphrase changes the seed from which every coin's keys are derived.
  • Trezor and KeepKey have had run-ins with vulnerabilities in the past, but most of these required physical access to the hardware wallets to succeed, with a couple of exceptions. The one discovered by their competitor broke ground by allowing the hypothetical attacker to work remotely, needing only control of the computer the wallet is plugged into.
  • UPDATE (Sept. 3, 17:31 UTC): Added comments from Trezor in the third paragraph.
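The mechanism described above, as an added example that is not part of the article and is not code from ShiftCrypto, Trezor or KeepKey. It uses the real BIP39 seed derivation (PBKDF2-HMAC-SHA512 over the mnemonic, salted with "mnemonic" plus the passphrase) and the real BIP32 master-key step, but the rest is a toy model under stated assumptions: the mnemonic is the public all-"abandon" BIP39 test vector used only as sample input, both passphrases are hypothetical, `wallet_id` fingerprints the master private key instead of deriving on-chain addresses (which would need secp256k1 arithmetic), and `HardwareWallet`/`usb_link` are simplified stand-ins for the device and the USB channel. The pre-patch firmware trusts whatever passphrase arrives from the host; the patched firmware shows it on the device screen and requires the user's approval.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the well-known all-"abandon" BIP39 test-vector mnemonic.
# Used here only as example data; never use it for real funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")
USER_PASSPHRASE = "correct horse battery staple"   # hypothetical user passphrase
ATTACKER_PASSPHRASE = "attacker-chosen-secret"     # hypothetical substituted passphrase


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, 64)


def wallet_id(seed: bytes) -> str:
    """Stand-in for 'which set of addresses this seed+passphrase produces'.

    Devices derive the BIP32 master key as HMAC-SHA512(key=b"Bitcoin seed", seed);
    the left 32 bytes are the master private key. Instead of deriving secp256k1
    addresses from it, this example fingerprints that key: two different
    fingerprints mean two entirely different wallets.
    """
    master = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return hashlib.sha256(master[:32]).hexdigest()[:16]


class HardwareWallet:
    """Simplified device model: holds the seed phrase, receives the passphrase over USB."""

    def __init__(self, mnemonic: str, confirms_on_screen: bool):
        self._mnemonic = mnemonic                     # never leaves the device
        self.confirms_on_screen = confirms_on_screen  # False models the pre-patch firmware

    def unlock(self, passphrase_from_host: str, user_approves) -> str:
        if self.confirms_on_screen:
            # Patched behaviour: display the passphrase that actually arrived and
            # make the user approve it on the device's own buttons before use.
            if not user_approves(passphrase_from_host):
                raise PermissionError("passphrase shown on device rejected by user")
        # Pre-patch behaviour falls straight through and trusts the host.
        return wallet_id(bip39_seed(self._mnemonic, passphrase_from_host))


def usb_link(passphrase: str, host_compromised: bool) -> str:
    """The host-to-device channel. Malware on the host can rewrite the passphrase in transit."""
    return ATTACKER_PASSPHRASE if host_compromised else passphrase


def run_scenario(confirms_on_screen: bool, host_compromised: bool) -> str:
    """Return 'ok', 'hijacked' or 'rejected' for one firmware/host combination."""
    device = HardwareWallet(MNEMONIC, confirms_on_screen)
    expected = wallet_id(bip39_seed(MNEMONIC, USER_PASSPHRASE))

    def user_approves(shown_on_device: str) -> bool:
        # The user compares the device screen against what they typed on the host.
        return shown_on_device == USER_PASSPHRASE

    try:
        got = device.unlock(usb_link(USER_PASSPHRASE, host_compromised), user_approves)
    except PermissionError:
        return "rejected"
    return "ok" if got == expected else "hijacked"


def ransom_recovery() -> bool:
    """Only seed + attacker passphrase together reach the hijacked addresses.

    The attacker knows the passphrase but not the seed, so cannot spend; the user
    holds the seed and, once they obtain the passphrase, regains the same wallet.
    """
    hijacked = HardwareWallet(MNEMONIC, False).unlock(
        usb_link(USER_PASSPHRASE, host_compromised=True), lambda _shown: True)
    recovered = wallet_id(bip39_seed(MNEMONIC, ATTACKER_PASSPHRASE))
    return hijacked == recovered


if __name__ == "__main__":
    for firmware in (False, True):
        for compromised in (False, True):
            print(f"confirm_on_screen={firmware!s:5} host_compromised={compromised!s:5}"
                  f" -> {run_scenario(firmware, compromised)}")
    print("seed holder recovers with the ransomed passphrase:", ransom_recovery())
```

Running it shows the four cases side by side: the vulnerable firmware reports "ok" on a clean host and "hijacked" on a compromised one, while the patched firmware reports "ok" and "rejected" respectively, because the substituted passphrase appears on the device screen and the user refuses it. The `ransom_recovery` check is the reason the attack is a ransom rather than a theft: the attacker's passphrase alone derives nothing without the seed.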
