Researchers have conducted a series of successful attacks on Trezor and Ledger hardware wallets

Wallet.fail, a Berlin-based security research team, has launched a series of successful physical attacks on popular hardware devices from Trezor and Ledger.

During the presentation at the 35th Chaos Communication Congress in Leipzig, Josh Datko, Dmitry Nedospasov and Thomas Roth successfully demonstrated a series of various attacks on popular hardware wallets Trezor and Ledger.

In particular, some of the exploits demonstrated included the following:

  • Getting a PIN and mnemonic phrase from Trezor RAM;
  • Signing transactions remotely through compromised Ledger Nano S;
  • Interception Ledger Blue PIN;
  • Lacking load Ledger Nano S.

In addition, the researchers identified five separate genres of vulnerabilities that can be used during attacks on the hardware wallet, namely:

  • Architectural;
  • Firmware;
  • Hardware;
  • Physical;
  • Software;

From here, in the hardware wallets industry, values ​​will most likely re-evaluate. The good news, of course, is that average users will probably never face such attacks, because attackers simply won’t have physical access to devices in most cases.

Commenting on the situation, the CTO in SatoshiLabs, the company responsible for Trezor, wrote on their twitter that they were not informed about the errors in advance, so they learned about them from the stage. He also added that troubleshooting will be done through a firmware update at the end of January.

Leave a Reply

Close menu

Donate Ethereum


0x2b1907f048ec25f271784b5ee743ee647d89621c

Donate Litecoin


MBNNbmdxU9thDYc1bsP7NyYGGLJshENGEb

Donate Bitcoin


3CSiFHVcyWsUsnsWkz3W2NZN98m5KvDsaT