Kraken Security Labs Discovers ShapeShift’s KeepKey Crypto Wallet Can Be Hacked Easily For $75

KeepKey hardware wallets are affected by a flaw that would make them vulnerable to attacks if a hacker has access to the device for around 15 minutes. This is according to a recent report released by Kraken Security Labs and published in a blog post on December 10.

KeepKey Crypto Hardware Wallet Affected By Flaw

As per the report released by Kraken, an attacker would rely on voltage glitching to extract the encrypted key of the user from KeepKey wallets. After this, the encrypted seed can be cracked and the PIN can be easily hacked with brute force. The researchers claim that it is possible to perform this attack with a consumer-friendly glitching device for just $75.

In addition to it, the report explains that it would not be possible to stop these attacks from happening with a software update from the company. In order to solve this issue, a needed  complete hardware redesign, which is certainly expensive to perform and very costly for users.

The company claims that they are already aware of these attacks but their goal is to protect users against remote attacks that could happen to online, desktop or mobile wallets, among others.

It is very important for users to be sure that if they lose their cryptocurrency wallet, the funds could be potentially accessed by attackers and the funds could be at risk of being stolen. The cryptocurrency market has many times been affected by hacks that were pointed at exchanges and other large holders of digital assets.

The report has also advised users to enable the BIP39 Passphrase with the KeepKey client in order to protect the crypto funds in the wallet. The passphrase is generally not user-friendly in practice but it is also not stored on the device, meaning it would not be vulnerable to this attack.

Source