This Popular Hardware Wallet Can Be Breached Physically in 15 Minutes – Kraken

By Vinnie Singh
December 11, 2019 Updated December 11, 2019
Best In

Trending Tokens





Hardware wallets have a reputation of being one of the safest wallets for storing cryptocurrency. Though they are more expensive option, many cryptocurrency investors prefer them over soft wallets and paper wallets. However, Kraken Security Labs has found a serious flaw with Keepkey Hardware wallets, which makes them susceptible to getting breached easily. 

This Glitching Device Can Help Break Into Keepkey

Per a blog published by Kraken Security Labs, there is a way by which seeds can be extracted from a Keepkey hardware wallet. It only takes a hacker about 15 minutes with the wallet to extract the seeds.

Source: Kraken Blog

The breach takes place with a voltage glitching device, which, according to Kraken Security Labs, can be developed for $75. Though the encrypted seeds in the wallet are protected by a 1-9 digit pin, they are not immune to brute force, and using the voltage glitching device, they can be accessed easily. According to the blog, the microcontroller has inherent flaws which the attack exploits, and there is no other way to fix it except for a hardware redesign.

The blog recommends that the users should not allow physical access to the wallet, and warns that if users lose their Keepkey then their cryptocurrency is at a risk of being stolen with this attack. It also recommends users to enable their BIP39 Passphrase with the KeepKey Client.

Keepkey’s Response to the Findings

Keepkey has responded to the Kraken blog, saying that they are already aware of the issue, and at the time the issue had been identified, they had advised their users to use the BIP39 passphrase. In the blog, they also stated that the claim that the wallet can be hacked in 15 minutes is misleading –

“It’s misleading to claim the device can be hacked in 15 minutes. Executing this attack requires significant preparation and expertise as well as specialized equipment, and assumes physical possession of the device.”

Nevertheless, they have emphasised on securing cryptocurrency against attacks using BIP39 passphrase, and not allowing others physical access to the Keepkey hardware wallet.

All things Blockchain & Crypto. 3 years for writing for Crypto Publications, ICOs and Blockchain cos. Book Junkie. Travel Freak. Food rules my mood. Enough said. Follow me on twitter @vinniesingh7 or mail me at vinnie[at]
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.

Next Story