Unciphered, a cybersecurity firm specializing in cryptocurrency recovery, posted a video in which it claims to be able to extract the seed phrase from Satoshi Labs’ Trezor T hardware wallet. The hack, however, requires both the physical possession of the wallet and specialized equipment.
Unciphered Showcases New Vulnerability of Trezor T Hardware Wallet
This Wednesday, a cybersecurity firm called Unciphered posted a video in which it claims to showcase a successful hack of Satoshi Labs’ Trezor T wallet. In the video, the company dismantles the hardware before successfully extracting the mnemonic seed phrase.
Unciphered also claims that there is no way to fix the vulnerability used for the hack other than a recall of all Trezor T wallets. The hack, however, requires the physical possession of the hardware wallet, as well as a set of specialized tools.
The demonstration sparked some speculation that Unciphered had merely rediscovered a vulnerability that has been known for years, but the company denied this, stating that said issue was patched in 2019. According to the firm, both the vulnerability and the method to exploit it have been developed “in-house”.
Hardware Wallet Security Increasingly In Question
Considering that they are designed to keep cryptocurrencies and access codes away from the internet—and, by extension, away from would-be thieves—hardware wallets have long been considered among the safest ways to store digital assets. This reputation even saw them surge in popularity as investors fled from major centralized cryptocurrency firms in the immediate aftermath of the collapse of FTX.
Recent weeks have, however, put a dent in hardware wallets’ reputation for safety. The most high-profile event behind this trend has been the announcement of Ledger’s new feature, Ledger Recover. Coming from one of the largest hardware wallet companies, the feature sparked fears that hardware wallets may ultimately have critical vulnerabilities and enable thieves to access investors’ cryptocurrency.
The issue was further compounded by Ledger’s dubious response to the crisis, which caused even greater backlash and forced Ledger to postpone the release of the new feature. Most similar companies promised more transparency to the public in response to the developing crisis.
This article originally appeared on The Tokenist