Hardware Wallet Flaw Lets Attackers Hold Crypto for Ransom Without Touching Device

A hypothetical man-in-the-middle attack would have allowed an attacker to hold users’ crypto for ransom on Trezor and KeepKey hardware wallets.

AccessTimeIconSep 2, 2020 at 8:15 p.m. UTC
Updated Sep 14, 2021 at 9:51 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A recently disclosed vulnerability in two popular hardware wallets would have allowed attackers to hold users’ cryptocurrency for ransom without going anywhere near the device.

  • ShiftCrypto, the Swiss company that manufacturers the BitBox hardware wallet, has disclosed a potential man-in-the middle ransom attack vector on the rival Trezor and KeepKey hardware wallets.
  • A ShiftCrypto developer known as Marko discovered the vulnerability in the spring of 2020, and notified the Trezor and KeepKey teams respectively in April and May. A Trezor representative confirmed to CoinDesk that the attack "is only theoretical and has never been performed in practice."
  • ShiftCrypto did not suggest the attack had been carried out, only that an attack was possible.
  • Trezor has patched the vulnerability for its Model One and Model T hardware wallets. KeepKey (which is a fork, or copy, of Trezor and so runs near-identical code) has not made a fix, according to the ShiftCrypto team, who said the manufacturer cited “higher priority items” as the reason. CoinDesk reached out KeepKey to ask the team why they deemed the attack vector low priority but did not receive a response by press time.
  • The hypothetical attack involves an optional passphrase that Trezor and KeepKey users can set to unlock their device in lieu of the usual PIN code. Both hardware wallets require a USB connection with a computer or mobile device to manage accounts. When plugging the hardware wallet into the other device, a user would type the passphrase into the latter to access the former.
  • The problem is that neither Trezor nor KeepKey would verify the passphrase users entered. Verification would require displaying the passphrase on the wallet’s screen so the user could ensure it matched what they typed on the computer.
  • Without this safeguard in place, a man-in-the-middle attacker could have modified the information relayed between Trezor or KeepKey and their users by importing a new passphrase into the wallet. The user would be none the wiser, since he or she couldn’t check that the passphrase on the device matched the one on the computer screen.
  • Upon inputting the old passphrase, the user would open the hardware wallet’s interface on the computer as usual. Each address generated, however, would be under the control of the new passphrase set by the hacker, so the hardware wallet user would be unable to spend funds locked in these addresses.
  • The attacker, however, would not have access to these addresses because they are still derived from the wallet’s seed phrase, so they can only be held for ransom. Thus, even if the hacker had access to the real passphrase, he or she would need the seed phrase or access to the device itself.
  • This ransom attack could be executed against multiple users at once, and multiple cryptocurrencies could be taken hostage at the same time.
  • Trezor and KeepKey have had run-ins with vulnerabilities in the past, but most of these required physical access to the hardware wallets to succeed with a couple exceptions. The one discovered by their competitor broke ground by allowing the hypothetical attacker to work remotely.

UPDATE (Sept. 3, 17:31 UTC): Added comments from Trezor in the third paragraph.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.