Trezor and Ledger, two of the most widely utilized cryptocurrency hardware wallets, have reaffirmed that the recently discovered vulnerabilities on CPUs and the latest Spectre attacks have not affected hardware cryptocurrency wallets.
Hardware wallets not vulnerable
As Cointelegraph previously reported, Pavol Rusnak, the chief technical officer at Satoshi Labs, the parent company of Trezor, wrote:
“As more people are asking: @TREZOR is not vulnerable to recent Meltdown and Spectre hardware attacks, because it has processor not affected by these. Also our firmware is always signed, so the device never runs untrusted code. Using a hardware wallet is now more important than ever.”
Rusnak emphasized that users should rely on hardware wallets at this specific period of time, because Spectre attacks have drastically impacted the cloud services on which many cryptocurrency exchanges and wallet platforms operate. Earlier today, several cryptocurrency exchanges including Bittrex were taken offline due to the vulnerabilities found in Intel CPUs. These weaknesses affected Azure cloud services offered by Microsoft, and by extension, the exchanges hosted on Azure.
New York Times cybersecurity journalist Nicole Perlroth wrote:
“Meltdown and Spectre show that it is possible for attackers to exploit these design flaws to access the entire memory contents of a machine. The most visceral attack scenario is an attacker who rents 5 minutes of time from an Amazon or Google or Microsoft cloud server and steals data from other customers renting space on that same cloud server.”
Safekeeping of funds
Hardware cryptocurrency wallet developers and Bitcoin experts have recommended users to move their funds from centralized online platforms to hardware wallets. Jonas Schnelli, a Bitcoin Core developer, stated:
“The current privileged memory side channel attacks just confirms what many Bitcoin users already know. Don't trust your PC. Don't think applications (and private keys) are shielded. Use a hardware wallet.”
Unlike exchanges, hardware wallets are non-custodial wallets that allow users to remain in full control over their private keys. When users initialize their hardware wallet, they write down 12 - 24 words which comprise a backup for their seed. With this backup, even if the wallet platform gets hacked, users can obtain their funds and move them to another wallet or paper wallets.
But centralized trading platforms and wallets store private keys on behalf of their users. The result is a centralization of private keys, creating a significant security issue.
Don’t use wi-fi
The Ledger development team released a detailed blog post as to why hardware cryptocurrency wallets are not at risk due to Intel, AMD and ARM CPU vulnerabilities. The company wrote:
“Ledger’s devices are not affected by these attacks. First of all, to exploit these flaws, the attacker has to be able to run arbitrary code. As long as you only use Ledger’s embedded apps (which is strongly recommended), your Nano S / Blue is not vulnerable to these kind of attacks.”
Most importantly, because any modern machine is affected by the Spectre vulnerabilities, it would be wise not to use Wi-Fi while sending and receiving cryptocurrencies.