There is an unpatchable vulnerability in the Trezor One, Trezor Model T, KeepKey and B Wallet hardware wallets that can be exploited to force the device to give up its seed phrase and PIN. Because the vulnerability stems from a physical design flaw, no firmware update can fix it; only a complete redesign of the device will remove it.

Now, before panic sets in, this is an extremely uncommon attack, although the components for carrying it out are cheap and can be picked up relatively easily. Physical access to the hardware wallet is required, as is the knowledge to put together a custom board that runs a specific attack on the wallet in order to extract the seed phrase and PIN code. The exploit will only work on devices that have not enabled a long passphrase (something complex and long enough that it cannot realistically be brute forced). If a robust passphrase is not in place there is no defence against this exploit, and it is 100% successful.
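To show why the passphrase is the only defence here, the following added example (not code from the original article or from any wallet vendor) walks through the standard BIP39 seed derivation: the seed phrase alone yields one wallet, and the same phrase combined with a passphrase yields a different one, so an extracted seed phrase and PIN do not reach the passphrase-protected funds. The mnemonic is the well-known all-"abandon" BIP39 test phrase, used here as a constructed stand-in for a phrase read out of a compromised device.

```python
import hashlib
import math
import unicodedata

# Constructed sample: the all-"abandon" BIP39 test phrase, standing in for a
# seed phrase extracted from a wallet built on an unprotected STM32 chip.
SAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()

PBKDF2_ROUNDS = 2048  # fixed by the BIP39 specification


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed.

    BIP39 defines seed = PBKDF2-HMAC-SHA512(password=NFKD(mnemonic),
    salt=NFKD("mnemonic" + passphrase), 2048 rounds). The passphrase is
    never stored on the device, so it is not part of what an attacker
    can extract from the chip.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def seeds_differ(mnemonic: str, passphrase: str) -> bool:
    """True when the passphrase-protected wallet is a different wallet from
    the one reachable with the bare mnemonic (the attacker's starting point)."""
    return bip39_seed(mnemonic, "") != bip39_seed(mnemonic, passphrase)


def guesses_to_exhaust(passphrase_len: int, alphabet_size: int = 95) -> float:
    """Upper bound on passphrase guesses for a uniformly random passphrase of
    the given length drawn from `alphabet_size` printable characters.

    Each guess costs a full 2048-round PBKDF2 evaluation, which is why a
    long random passphrase is out of reach even with the seed phrase known.
    """
    return float(alphabet_size) ** passphrase_len


def passphrase_entropy_bits(passphrase_len: int, alphabet_size: int = 95) -> float:
    """Entropy in bits of a uniformly random passphrase (a rough strength gauge)."""
    return passphrase_len * math.log2(alphabet_size)
```

A wallet that stores no passphrase cannot leak it, which is why the article treats a robust passphrase as the only effective mitigation for these devices.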

The problem comes down to the chips these devices are built around: the STMicroelectronics STM32F05 and STM32F4. Rather than being chips designed specifically for hardware wallets, these are general-purpose programmable microcontrollers with no built-in security features whatsoever.

Ideally, hardware wallets should be built around a Secure Element. This is a dedicated chip inside the device that protects its private data from being extracted. Acting very much like a vault, a Secure Element provides an impenetrable layer against hackers.

Both the Ledger Nano S and Nano X models use Secure Element chips: the Nano S uses an ST31 and the Nano X uses an ST33.

The lesson here is that even hardware wallets are not infallible. Security measures need to continually evolve to keep pace with newly discovered exploits that can make devices vulnerable to attack.

Do you need to recover data from a Trezor? Please contact us.