The solid reputation of hardware wallets as a secure and safe storage for digital currencies was put into question when a recent report as of mid-August 2017 claimed that Trezor, one of the most popular wallets, was successfully infiltrated by hackers.
Based on the report, Trezor devices are allegedly vulnerable to fairly simple hacks that allowed the theft or identification of private keys from said devices.
How the hack was made possible
In its official blog, Trezor admitted the incident and explained how the attack worked. The company said that the seed for the private key was saved in flash memory and was relocated to the device’s random access memory (RAM) during use.
Someone who has access to the device and the firmware could have been able to extract the seed from the RAM.
The security flaw seems to be limited to Trezor devices, so users of other devices or wallets should not be worried about the security and safety of their accounts.
However, it is advised that users of hardware wallets should remain vigilant against possible threats and make sure that their firmware is always up to date.
Trezor’s response on the attack
Based on its official blog, Trezor has already launched its firmware security update version 1.5.2 to resolve the issue and eliminate all known vulnerabilities of its system.
With the new version, the firm said that the chance that a cyber criminal can gain physical access to a user’s device is already very slim or virtually impossible.
The company, however, still advised all its users to remain vigilant and update their firmware immediately in order to protect their accounts fully.
Despite the swift action by Trezor on the attack, the incident still created some doubt among users on the security of hardware wallets.
It remains to be seen if the confidence of the users in the platform will be fully restored in the near future.