Saving Your Bitcoin Gambling Funds in Ledger or Trezor Wallets? You Should Know About These Hacks!

by

In the world of Bitcoin and other leading cryptocurrencies, hardware wallets are the most trusted way of storing coins for thousands of people due to their “cold” (offline) way of storage. And at the top of the hardware wallet industry are two names, Trezor and Ledger, the products of which are used by anyone from investors to players in Bitcoin casinos that wants an impenetrable and virtually unbreakable way of keeping their coins safe. However, according to a recent presentation by a team of three security experts, the most secure hardware wallets in the world aren’t really 100% safe.

Four Security Issues Found

At the 25^th Chaos Communication Congress – a 4-days conference on utopia, society, and technology held in Leipzig, Germany on an annual basis – a trio of security experts that goes by the name wallet.fail presented four faults in Trezor and Ledger wallets that could be exploited by hackers to steal coins. With a catchy name of “Poof goes your crypto”, their presentation easily grabbed the attention of visitors as it showed how the world’s most trusted devices can fail in protecting their users’ funds.

The first “fail” the team found is that the wallets can be breached during the supply process. Some hardware wallet manufacturers like Trezor protect their devices during shipping with special hologramic security stickers, but the team claims these stickers can be tampered with. Also, replacement of parts is likewise possible during the supply process with some models, which makes it that much more important to only buy from reputable sources.

Other ways in which hackers can breach your wallet is via the bootloader, especially in the Ledger Nano S. Through a fake update of the firmware, hackers can replace your bootloader code with a malicious code that could be used to withdraw your Bitcoins to a different wallet. The team also found security issues in the microcontrollers of some Trezor and Ledger wallets, which they claim can be compromised with nothing more than some cheap hardware found on eBay.

And finally, you have the side-channel attack method, which is the most complex way of breaching the wallets. In this method, hackers need to build a special antenna to catch the radio waves your device is emitting, which then have to be analyzed to figure out your encryption keys. This method only works if the hackers are in your vicinity.

How Can You Protect Yourself?

Most of these new-found flaws depend on someone having physical access to your device or someone posing as a reliable source of firmware or a seller. So, if you plan on using a hardware wallet from either company and are not planning to part with your coins easily, there are a few things you can do to protect your assets.

First of all, always buy wallets directly from the source, even if it means paying extra for shipping costs. Secondly, never download any firmware from other sites apart from the official domains and apps of Trezor and Ledger. Thirdly, never use the wallet in a public space, especially if you hold a significant investment on it, because you might just be a valuable target for a side-channel attack. And lastly, think how much cash is your wallet worth and always act like you’re carrying that kind of money around when your wallet is with you.