BitcoinBusinessTechnology

Developer Discovers “Ransom Attack” Exploit Within KeepKey and Trezor Wallets

This article was updated with additional information on September 4th after the BTC Times received a response from SatoshiLabs.


According to a developer of hardware wallet ShiftCrypto, an attack vector affecting KeepKey and Trezor devices could allow hackers to hold crypto funds ransom. 

The developer goes by Marko and writes that passphrases - a security layer that can create "hidden" wallets - belonging to both ShapeShift's KeepKey and SatoshiLabs' Trezor devices only need to be entered into a corresponding host wallet such as Electrum, not into the hardware wallet itself–though Trezor gives the option to enter it on the device as well.

This produces a vulnerability in which a malicious wallet or a man-in-the-middle attack could, in effect, lock the user out of their own funds by changing the host wallet passphrase.

"The passphrase that the Trezor/KeepKey ends up using might not be the one you entered, but a passphrase controlled by the attacker,” Marko told the BTC Times. "Since both the passphrase and the device are needed to spend funds, the user is locked out until the attacker shows the fake passphrase to the user."

Such a loophole would allow scope for a ransom attack in which a hacker demands payment from their victim in order to reinstate the access to their funds.

Marko says he managed to perform the attack successfully via Electrum on the Bitcoin testnet, although he noted that there is no evidence to show that the issue has been exploited in practice. 

After discovering the vulnerability, Marko says he informed both Trezor and KeepKey of the potential issue. Per the ShiftCrypto blog, Trezor released a fix in both Trezor One v1.9.3 and in Model T v2.3.3 on September 2nd, 2020.

SatoshiLabs CTO Pavol Rusnak told the BTC Times that Trezor had been aware of the vulnerability and, while recognizing that showing the passphrase on the hardware device's screen would be "the obvious fix," found it would create other risk factors in turn "because a user who is not expecting it may compromise it to someone looking over their shoulder."

After Marko's disclosure, Rusnak says the vulnerability was re-evaluated and a warning screen was implemented that would inform Trezor users that their device is about to display their passphrase. "You can increase the overall security by doing some clever UX tricks and this is one of them," he added.

Meanwhile, according to Marko, KeepKey has yet to issue a fix, stating that they are "working on higher priority items first."

Fortunately, despite being a remote attack, the would-be ransom attack doesn't scale very well as It only affects users who use the optional passphrase feature and input their passphrase via a host wallet.

Past Exploits

This marks the latest on a list of vulnerabilities discovered in both Trezor and KeepKey wallets.

In December 2019, an audit by Kraken's Security Lab detailed a "voltage glitching" attack that could be used to derive the KeepKey's seed phase—allowing direct access to crypto stored on the device.

In January 2020, Kraken successfully carried out the very same exploit on several Trezor devices. Ironically, Trezor responded by advising users to employ passphrases.

"It's important to note that this attack is viable only if the Passphrase feature does not protect the device, Trezor said in a blog post. "A strong passphrase fully mitigates the possibilities of a successful attack," it added.

Both the passphrase and the voltage glitching exploit have since been patched by Trezor. The BTC Times has reached out to ShapeShift and Trezor, who were not immediately available for comment.

written by

Will is a freelance journalist and copywriter based in London. He's covered the crypto industry in various roles for several years after becoming enamored with the space in 2014. He has bylines in various cryptocurrency magazines such as Decrypt and CoinTelegraph.