Kraken Security Labs, a team employed by the popular cryptocurrency exchange - Kraken, has reported a problem. The developers announced that they found a vulnerability that allows hacking into the physical cryptocurrency wallet - KeepKey. What does the bug consist of? The attack described by Kraken Security Labs is based on exploiting differences in electrical voltage. This way, it is possible to steal access to the access keys (Seed) of a cryptocurrency wallet. Seed is a string that stores all the information needed to reconstruct the contents of the digital assets in a wallet. It is often used for backups, or restoring the contents after a private key has been lost. Your wallet's public key is stored on the blockchain, meaning it is publicly available and anyone can find it from anywhere. The private key you keep with you, you can't share it with anyone. It is a long string of many random characters and numbers. Even writing it down is complicated, not to mention memorizing the whole thing. That is why the mnemonic phase encryption method was introduced. The security team's publication The team estimates that the hardware needed to carry out such an attack can be purchased for as little as about $75. The hack cannot be done remotely, as it requires physical access to the device. Kraken Security Labs reports that such a theft is possible thanks to a certain microcontroller used in KeepKey ledgers. Consequently, the KeepKey team cannot get rid of the wallet security vulnerability without redesigning their structure. ShapeShift, the company behind the KeepKey wallet, responded to the public disclosure of the vulnerability by Kraken Security Labs. The wallet's co-founders claim that the cryptocurrency exchange's team contacted them about the discovered bug back in September. However, the company maintains that they themselves discovered the incompatibility 2 months earlier, in June. ShapeShift responded that the Kraken security department's post was misleading. "The statement that the device can be hacked within 15 minutes is false. Furthermore, performing such an attack requires significant preparation, as well as specialized equipment and extensive IT knowledge. Additionally, one must have physical access to the wallet." Note If you own a KeepKey wallet, both ShapeShift and Kraken Security Labs recommend enabling the BIP 39 password feature. This will add an extra layer of protection, as BIP 39 is not stored on the device itself. Tags keepkey Kraken vulnerability cryptocurrency wallets
No comments:
Post a Comment