TL;DR
- Critical Flaw Identified: Ledger’s Donjon team uncovered vulnerabilities in Trezor Safe 3 and Safe 5 wallets, where the microcontroller is susceptible to voltage glitching attacks, allowing potential firmware modifications.
- Risk of Key Theft: Exploiting this flaw could enable attackers to bypass security checks, manipulate entropy generation, and extract cryptographic secrets, putting user funds at risk.
- Response and Industry Impact: Trezor acknowledges the issue and emphasizes secure purchasing channels, while the discovery highlights the need for ongoing improvements in hardware wallet security across the crypto industry.
The Ledger Donjon security research team has uncovered significant vulnerabilities in Trezor’s Safe 3 and Safe 5 hardware wallets, raising concerns about the safety of users’ crypto assets. The team identified critical flaws in the microcontrollers of both models.
Despite Trezor’s upgrade to a two-chip design, which includes an EAL6+ certified Secure Element, the main cryptographic operations are still performed on the microcontroller.

This microcontroller is susceptible to voltage glitching attacks, allowing hackers to modify firmware and potentially steal private keys. The Secure Element protects PINs and private keys, but the vulnerability in the microcontroller leaves users exposed to remote fund theft.
Potential for Remote Fund Theft

The report highlights that the microcontroller’s vulnerability to voltage glitching attacks could enable attackers to gain full read/write access to the flash memory. Once an attacker modifies the firmware, they can manipulate entropy generation, a key component of cryptographic security.
This flaw allows hackers to bypass security checks and extract cryptographic secrets, putting user funds at risk. The Ledger Donjon team emphasized that this issue is not a bug or an exploit but a consequence of the microcontroller’s design.
Trezor’s Response and Mitigation Efforts
In response to Ledger’s findings, Trezor has acknowledged the vulnerability and assured users that their funds remain safe. The company has implemented multi-layered defenses against supply chain attacks and advises users to purchase devices from official sources.
Trezor shared a statement with Crypto Economy giving further details of the case:
“Security has always been a top priority for Trezor, and we follow a multi-layered approach to minimize risks. Ledger Donjon recently evaluated our Safe series and demonstrated an attack that affected certain security measures in Trezor Safe 3. It’s important to clarify that this attack does not impact Trezor Safe 5, as this model uses a different, more secure chip that was not compromised.
In cybersecurity, no system is entirely unbreakable, which is why we continuously implement multiple layers of protection to ensure users can safely store their assets. More details on the countermeasures we’ve implemented can be found in our blog post.
Regarding future devices, we are constantly improving our products, and the enhanced security measures—including the more secure chip used in Safe 5—will be integrated into upcoming models. Most importantly, user funds remain safe. Ledger Donjon researchers were unable to extract private keys or PIN codes from the tested device. All Trezor devices are designed to keep private keys secure, and users who purchase from official sources remain fully protected.”
Broader Implications for the Crypto Industry
The discovery of these vulnerabilities has broader implications for the cryptocurrency industry. It underscores the need for continuous improvement in the security of hardware wallets and highlights the importance of robust risk management measures.
Ledger’s Chief Technology Officer, Charles Guillemet, stated that making the ecosystem more secure is critical for the broader adoption of crypto and digital assets. The collaboration between Ledger and Trezor aims to elevate security standards and ensure user assets remain protected.