This Popular Hardware Wallet Can Be Breached Physically in 15 Minutes – Kraken

Hardware wallets have a reputation of being one of the safest wallets for storing cryptocurrency. Though they are more expensive option, many cryptocurrency investors prefer them over soft wallets and paper wallets. However, Kraken Security Labs has found a serious flaw with Keepkey Hardware wallets, which makes them susceptible to getting breached easily. 

This Glitching Device Can Help Break Into Keepkey

Per a blog published by Kraken Security Labs, there is a way by which seeds can be extracted from a Keepkey hardware wallet. It only takes a hacker about 15 minutes with the wallet to extract the seeds.

The breach takes place with a voltage glitching device, which, according to Kraken Security Labs, can be developed for $75. Though the encrypted seeds in the wallet are protected by a 1-9 digit pin, they are not immune to brute force, and using the voltage glitching device, they can be accessed easily. According to the blog, the microcontroller has inherent flaws which the attack exploits, and there is no other way to fix it except for a hardware redesign.

The blog recommends that the users should not allow physical access to the wallet, and warns that if users lose their Keepkey then their cryptocurrency is at a risk of being stolen with this attack. It also recommends users to enable their BIP39 Passphrase with the KeepKey Client.

Keepkey’s Response to the Findings

Keepkey has responded to the Kraken blog, saying that they are already aware of the issue, and at the time the issue had been identified, they had advised their users to use the BIP39 passphrase. In the blog, they also stated that the claim that the wallet can be hacked in 15 minutes is misleading –

“It’s misleading to claim the device can be hacked in 15 minutes. Executing this attack requires significant preparation and expertise as well as specialized equipment, and assumes physical possession of the device.”

Nevertheless, they have emphasised on securing cryptocurrency against attacks using BIP39 passphrase, and not allowing others physical access to the Keepkey hardware wallet.