Crypto Twitter Defends Trezor, Claims FUD Over Trezor T Hacking News
- Unciphered claims that they hacked into the Trezor T with Trezor’s latest firmware.
- This news comes shortly after Ledger’s controversial ‘Ledger Recover’ update.
Crypto Twitter claims that cryptocurrency recovery solutions company Unciphered’s video of hacking into a Trezor T is
simply FUD. Users have detailed that Unciphered’s hacking method requires the attacker to physically hold the victim’s wallet before performing the exploit. Furthermore, users claim that all that is required to protect private keys is a strong passphrase.
Some users contend that the hacking news has been misinterpreted and isn’t particularly important. Three years ago, Kraken Security Lab researchers discovered the Read Protection (RDP) Downgrade attack which exploited the physical vulnerabilities of Trezor devices to steal data. Trezor themselves have released a statement addressing the vulnerability, which is allegedly the same vulnerability exploited by Unciphered. As a result, people have categorized this exploit as old news.
On May 24, Unciphered announced that it cracked the Trezor T by satoshilabs. Unciphered has not revealed details about the specific attack they performed due to “current engagements and non-disclosure agreements” that restrict them to do so. Accordingly, Unciphered has criticized Trezor for not doing anything to fix the vulnerability of its hardware.
Three years ago, Kraken Security Labs discovered the physical vulnerabilities of Trezor. As a result, Trezor made efforts to fix the vulnerability, notably through its sister company Tropic Square. Interestingly, Unciphered has mentioned that this vulnerability has already been patched, and their exploit was on Trezor’s latest firmware.
This news comes after Ledger’s controversial firmware update surrounding ‘Ledger Recover’. Users can use this feature to back up their secret recovery phrase and recover it in an emergency. However, users reacted angrily to this decision, claiming that the update compromised their data by introducing a backdoor.