- Trezor disclosed a vulnerability in its older Safe 3 hardware wallet.
- Ledger researchers demonstrated an advanced physical attack method.
- The risk is low, but users should take precautions with their devices.
Recently, Trezor disclosed a security bug in its older Safe 3 hardware wallet. Donjon, Ledger’s security research team, found the bug. They showed that an attacker with physical access to the device could steal sensitive information from it.
The weakness lies in the wallet’s microcontroller, a small processor that handles transactions and inputs. It can be tampered with using a technique called voltage glitching, which tricks the device into spilling its memory, possibly revealing a user’s seed phrase.
Trezor assured users that the exploit is difficult to execute. It requires advanced knowledge and physical possession of the wallet. The company further clarified that only certain devices are at risk. Newer devices, such as the Safe 5, have better security.
Microcontroller Exploit in Safe 3
The glitching technique targets the microcontroller in the wallet. The attacker would have to desolder the chip and perform small, controlled electrical manipulations. These manipulations would let them bypass security and extract the device’s stored data.
Once inside the wallet, the attacker can steal the private keys or install malicious code, and with that steal the money in the wallet. The attack is technically intensive and requires costly hardware. Most users are unlikely to be targeted unless they are worthwhile targets.
The attack also relies on the wallet’s supply chain. If the device passes through the hands of unreliable people before reaching the owner, tampering is possible. For this reason, both Ledger and Trezor strongly advise buying wallets directly from official sources.
Stronger Security in Trezor’s Latest Models
Trezor added security features to its latest models. The Safe 5, for example, is equipped with an advanced microcontroller that can withstand voltage glitching. Firmware integrity checks and the inclusion of a passphrase feature are the other new upgrades.
The passphrase adds an extra layer of security because it is isolated from the device. If an attacker were to steal the seed phrase from the wallet, the money could never be used without the passphrase. Users should enable this feature for added security.
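Why a stolen seed phrase alone does not open a passphrase-protected wallet, shown as an added example that is not from the article or from Trezor. It assumes the wallet derives keys with the BIP-39 and BIP-32 standards, which the article does not name; the function names are hypothetical and the mnemonic is the public BIP-39 test phrase, not a real wallet.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public BIP-39 test mnemonic, never a real wallet.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048)."""
    norm = lambda s: unicodedata.normalize("NFKD", s)
    words = " ".join(norm(mnemonic).split())
    # The passphrase is never stored: it only enters the derivation as salt.
    salt = ("mnemonic" + norm(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32: split HMAC-SHA512("Bitcoin seed", seed) into master key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic: str, passphrase: str = "") -> str:
    """Illustrative short label for the wallet a (mnemonic, passphrase) pair opens."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def compare_wallets(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the wallet it opens; every value should differ."""
    return {p: wallet_id(mnemonic, p) for p in passphrases}


if __name__ == "__main__":
    # "" models someone who holds only the seed phrase read out of the device.
    for phrase, wid in compare_wallets(SAMPLE_MNEMONIC, ["", "TREZOR", "trezor"]).items():
        print(f"passphrase={phrase!r:10} -> wallet {wid}")
```

Each passphrase, including the empty one and a case variant, yields an unrelated master key, so the seed phrase by itself only opens the wallet with no passphrase.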
Another line of defense is firmware updates. Trezor provides official tools to make sure the wallet is on the correct software. Users should check for updates and install them the instant they become available. If signs of tampering are detected in the wallet, it should be reset and restored in a secure environment.
Although this is an advanced attack, it serves to remind us that no system is ever entirely secure. Hardware wallets are among the most secure ways to store crypto, but caution is still needed. Staying cautious, using strong PINs, and buying devices from reliable sources can do much to minimize risk.