Kraken: KeepKey Hardware Crypto Wallet Hacked in 15 Minutes Cybersecurity researchers have uncovered a vulnerability in the KeepKey hardware wallet that they say allows an attacker with physical access to a device to steal assets in just 15 minutes.

Kraken: Hacking KeepKey Hardware Crypto Wallet In 15 Minutes

Cybersecurity researchers have uncovered a vulnerability in the KeepKey hardware wallet, which they say allows an attacker with physical access to a device to steal assets in just 15 minutes..

On the exchange's blog, Kraken Security Labs describe a “power outage” attack that can extract an encrypted seed to gain access to a cryptocurrency stored on a device. Then cybercriminals can brute-force crack the seed-phrase, which is protected by a PIN-code containing from 1 to 9 digits, which the authors call a "trivial" task.

At the same time, they say, it will be quite problematic to eliminate the vulnerability, since the KeepKey team will not be able to do anything unless they change the wallet at the hardware level. "The attack is possible due to a vulnerability inherent in the microcontroller used in KeepKey," writes Kraken Security Labs.

The distribution of KeepKey wallets is carried out by the crypto-exchange platform ShapeShift, which bought the manufacturing company in 2017 year.

A voltage failure attack is carried out by malicious manipulation of the microcontroller power supply. Researchers estimate that it will cost about $ 75 to build an easy-to-use device to carry out such an attack. With its help, an attacker will be able to influence the first piece of software loaded by the device, in this case the "BootROM code".

“While the majority of KeepKey's codebase is based on Trezor One, their codebases have become quite different. The KeepKey team has added several mechanisms to make its firmware immune to the crash attacks demonstrated at the Wallet.Fail event during the 35th Chaos Communications Congress. Now, however, these measures have proven ineffective, ”explains Kraken Security Labs.

Similar articles

• An attacker stole over $ 250,000 from users of the non-custodial exchange Bisq The stoppage of trading on the non-custodial exchange Bisq that night was associated with a successful attack on its users. Previously, developers reported a "critical security vulnerability".

  Intruder kidnapped from above $ 250 000 users non-custodian exchange Bisq Stop trading on non-custodial Bisq exchange this night turned out...

• “Bitcoin SV Does Not Meet Our Listing Criteria” - Kraken Adds Bitcoin Cash Fork Tokens Kraken last night confirmed that it will list Bitcoin ABC tokens, one of two chains formed after the Bitcoin Cash hard fork last week, under the ticker BCH. At the same time, the exchange launches trading in the second chain tokens - Bitcoin SV - and distributes its assets among the holders of the original Bitcoin Cash..

  "Bitcoin SV does not match our listing criteria"- Kraken credits tokens fork Bitcoin Cash Cryptocurrency this Kraken exchange confirmed at night,...

• American Express uses the Ripple blockchain to make instant transfers between the UK and the US American Express has announced the opening of a payment corridor between the UK and the US using the RippleNet blockchain, which allows transactions in 9 seconds. The Spanish bank Santander is also involved in the project. Writes about this CoinDesk.

  American Express uses Ripple blockchain for implementation of instant transfers between UK and USA American financial company American...

• The Poloniex cryptocurrency exchange phishing app has appeared on Google Play Despite its controversial reputation, Poloniex has been and remains one of the most popular cryptocurrency exchanges in the world. Naturally, such popularity attracts various scammers who, in one way or another, try to steal users' money. WeLiveSecurity writes about one of these cases.

  IN Google play appeared phishing application cryptocurrency exchanges Poloniex Despite controversial reputation, Poloniex was and remains one of the most...

• China Construction Bank (CCB) has partnered with Hong Kong-based digital asset exchange Fusang to issue $ 3 billion in debt securities on the blockchain. Reported by the South China Morning Post. According to the publication, this is the first time a Chinese bank has issued digital securities using distributed ledger technology..

  Second largest World Bank will issue bonds by $ 3 billion from possibility of exchange to bitcoin China Construction Bank (CCB) entered into cooperation from...