3 Untold Ways To Hack a Hardware Wallet

2/19/2023, 6:49:26 PM - Eddu Oz
3 Untold Ways To Hack a Hardware Wallet

For any crypto holder, storing funds safely is a major concern that requires research and planning. The safest place to keep them is in what’s known as a “hardware wallet,” a physical device that stores your currency and private keys locally, without connecting to the internet.  This does not mean, however, that these wallets are immune to fraud.

In this article, we will be taking a detailed look into 3 untold ways hackers can get access to your Ledger and Trezor wallets: the two most popular and secure hardware wallets.

Key Takeaways

• Crypto hardware wallets are designed to keep your keys (private and public keys) safe from threats and attacks deployed on connected devices.

• Hardware devices themselves can be targeted by physical hacks.

• Hackers target individuals with a hardware wallet and then trick them into using a modified replacement designed to steal crypto keys.

• Hardware wallet providers will never ask customers for their recovery keys. Moreover, they will never ship replacements unless you explicitly ask for one.

SEE ALSO: Top 5 Hardware Wallets with Resilient Secure Chips

SEE ALSO: Best Hot and Cold Bitcoin Wallets

SEE ALSO: 9 Best Multicoin Wallets for Hodling Crypto

Below, you’ll find three tactics, hackers can use to get into your hardware wallet;


How To Hack a Hardware wallet

3 Untold Ways To Hack a Hardware Wallet

A hardware wallet can be hacked in several ways, but in all cases, the objective of an attack is getting access to sensitive data such as your PIN code or those sweet private keys. Your secret PIN code is the security barrier to protecting your data, but that PIN is only as secure as the device. Here’s how a hardware wallet can be hacked:

1. Power Glitching

Power glitching is a hacking technique also known as voltage glitching. It sounds ominous. And it is to a hardware wallet. This possibly fatal flaw was identified by Kraken Security Labs.

The concept behind a power glitch is to flood the power supply of a hardware’s circuit board for a quick burst of time to put the device in a bit of a frazzled state. With the shockwave of energy, the circuit of the device becomes confused and leaves the sensitive information open to an attacker.

The microcontroller chip is the key to the private keys, and hacking into it unlocks the secrets (the data) inside. A power glitch attack does this by using high voltage bursts of current on the component to leave it vulnerable, allowing the raw data to be accessed. From here, it is relatively simple to recover the device PIN code and get to the underlying private data in the chip.

Simply put, a power glitch attack is a brute force attack using electrical currents that requires the attacker to have direct access to your wallet.

2. Side-channel attack

The principle of a side-channel attack is to observe the behavior of a hardware wallet while it is executing a transaction. We can look at a side-channel attack kind of like a burglar using a doctor’s stethoscope to listen to a locked safe and extract information by hearing from changes while fiddling with the lock.

To execute a side-channel attack, you use an oscilloscope to watch the power consumption of a device when it’s running. By listening to the noise of the device and fiddling around with random PIN codes, you can watch how the consumption behaves and how each code changes the behavior.

Different PIN digit values will leave a different footprint, making it easy to distinguish which codes might work. Studying the behavior of the power consumption with each PIN digit attempt builds a database of information. Used in conjunction with a script that guesses PINs one by one, the information is used to crack the code.

A side-channel attack “listens” to information emitted by your device to figure out its PIN code. Once this has been done, the hacker can use your wallet as though it was their own.

Although this vulnerability was detected in some Trezor hardware, it has since been fixed.

3. Breaking the Hardware with a Software Attack

The principle of an attack on a Hardware Security Module (known as an HSM) is to rover the software behind its operations to understand how it functions. Attacking the software means getting to know the technology better than the developers themselves and nailing down the vulnerabilities. It’s a process of research and exploitation.

The first step is to plug the hardware module into a computer, from there you interact with it to recover its underlying software. This happens by running a script that digs into the code of the device to find the software in binary form.

But we can’t understand binary code, so to get the information to a point where it can be understood, a little reverse engineering is needed to turn the code into something a human can interpret.

Using this redacted information about the software, the point is to try and find a point of vulnerability that can be exploited, allowing the attacker to take control of the software and get data from it.

SEE ALSO: 12 Best Crypto Custodial Wallets Right Now

SEE ALSO: BitBox02 Hardware Wallets – Why You Should Buy One

Frequently Asked Questions (FAQs)

How do hardware cryptocurrency wallets work?

The main idea behind a hardware cryptocurrency wallet is to store the cryptographic seed in a manner that never leaves the device. All the crypto signing stuff is done inside the wallet, not on a computer that it is connected to. Therefore even if your computer gets compromised, the invaders won’t be able to steal your keys.

How do I protect myself against hardware wallet attacks?

First and foremost, is to buy hardware cryptocurrency wallets only from trusted vendors. When buying, check thoroughly for any signs of tampering. To be more certain pop the device open and make sure no extra elements are attached to the circuit board.

Store your crypto wallet in a safe place, and don’t allow people you don’t trust to get their hands on it.

Finally, protect the computer you use for cryptocurrency with reliable security software.

Are Hardware wallets unhackable?

Although hardware wallets are designed to store cryptocurrency keys offline while being unhackable or susceptible to malware, they still have the risk of being compromised just as we have earlier discussed.

 Also, there is the possibility of the devices being altered and tampered with during shipping as well as fake wallets being delivered.

What happens If I lose my Hardware wallet?

Losing a hardware wallet does not mean you lose your cryptocurrency, so this is not a risk. If you lose your hardware wallet device or it is stolen, you simply purchase another one and set your device up as normal.

The important thing is that you keep your private keys safe and separate from where you store your device. There are several options including writing them down and keeping them in a safety deposit box, or using something like Crypto Steel.


Final Thoughts

This article isn’t to scare hardware wallet users but to promote awareness about the feasibility of hardware attacks.

Anyway, unlike some other hardware wallets, Ledger’s and Trezor’s devices are designed with security in mind. Just don’t assume that they are 100% unhackable.

Take a few additional steps to protect your crypto fortune and keep your wallet physically safe even if you’re storing a few thousand dollars worth of cryptocurrency.

Finally, always keep in mind that even when you intentionally prioritize security by opting for something like a hardware wallet, it can still have weaknesses.

Read More