Donjonledger, the security team at Ledger Company and creator of Hardware Wallets, is the same name and has worked with Trezor Company to identify and resolve physical Monedary Trezor Safe 3 vulnerabilities.
Trezor is the company behind some of the most used wallet hardware for Bitcoin (BTC), Ethereum (ETH), and other cryptographic actions.
As he explained in his March 12 publication, he explained in X, Charles Guillemet, and CTO Ledger. Attackers can modify the software The wallet incorporates a secure element chip designed to protect your private key, but access your digital assets.
When talking about devices, it can be “stolen or manipulated in the supply chain.” This can happen, for example, in transit or in a warehouse. Access and change the device Before he reaches his destiny.
If the attacker changes the software, it could change the program that runs the wallet hardware. Introduction of malicious code It sends the user’s private key to an external server or manipulates transactions that have been made.
Research shows that Trezor’s double-chip design is not sufficient security
The analysis of this vulnerability, detailed by Guillemet, highlights that even wallet hardware, which is considered one of the safest ways to store wallet keys, is unimmunized by certain risks.
The Trezor Safe 3 uses a double-chip design. A safe element, in this case the chip Optiga Trust m Infineon Technologies protects user pins and keys. This chip is a special component. Designed to resist attacks and protect important informationencryption keys that allow cryptocurrency to move.
The Trezor Safe 3, on the other hand, includes another microcontroller. Performs the encryption operation. According to the ledger CTO, the safe elements are the voltage of the device, devices, devices, devices, and Microcontrollers are still weak. If an attacker accesses the device and changes the software running on this second chip, It could infringe your funds Remotely.
Guillemet highlighted that Trezor tried to mitigate this risk by verifying the firmware integrity. This is the mechanism that attempts to warn users if the software changes.
However, the investigation presented by ledger executives was This protection is undoubtedly“Even if this mechanism is original, it can be overcome by certain attackers,” Guillemet said. Additionally, he revealed that the disorder had been reported to Tresol.
Wallet hardware also poses risks
The discovery of Donjonledger does not mean that wallet hardware is unstable by default, but emphasizes the importance of considering the context in which they are retrieved and used. In that context, Cryptootics reported in September 2024 that its security team discovered a vulnerability related to a secure element 14 years from when you don’t notice. That negligence could also have Trezor users as victims, but with the safe 4 and safe 5 models.
A practical way to reduce the risk of receiving an operating device Carefully inspect the package When it’s delivered.
A closed, enclosed package with no signs of opening or breaking provides a reasonable assurance that equipment is not breached in the supply chain. The indication of a change must be reasonably good to immediately distrust and contact the seller or manufacturer.
(TagStoTRASSLATE) Bitcoin (BTC) (T) Destacados (T) Ledger Wallet (T) Trezor (T) Wallets (Billetara)