The crypto industry is known for both fierce competition and cooperation in times of need. The latter was highlighted when a major hardware wallet manufacturer helped its competitor fix a security flaw.
Charles Guillemet, Chief Technology Officer (CTO) at France-based major hardware wallet manufacturer Ledger, said that their team recently found that the Trezor Safe 3 hardware wallet was "susceptible to physical supply chain attacks." Trezor wallets are manufactured by the Czechia-based company SatoshiLabs, a major competitor of Ledger.
The French company said that its Ledger Donjon team of security researchers discovered that if a Trezor Safe 3 wallet were stolen, an attacker could "theoretically" modify its software, endangering the user’s funds.
The device in question, as well as the Safe 5 model, features a two-chip design: a secure element paired with a microcontroller. Secure elements are chips designed to withstand physical attacks.
Ledger's CTO pointed out that cryptographic operations in these wallets are still performed on the microcontroller.
"If an attacker modifies the software on the microcontroller, they could potentially access the user's funds remotely," Guillemet said.
According to him, while Trezor has implemented additional protections, Ledger Donjon was able to bypass them.
After these findings were reported to the Trezor team, Trezor “addressed the vulnerabilities we found," the CTO said.
Meanwhile, Trezor confirmed that users' funds are safe and that no action is needed on the customer’s side.
"Ledger Donjon reused a previously known attack to bypass some of our countermeasures against supply chain attacks in Trezor Safe 3. Nevertheless, users who purchase from official sources are fully secure," the Trezor team said.
Meanwhile, SatoshiLabs' company Tropic Square recently introduced TROPIC01, an open-source secure element that is considered a game-changer in the hardware wallet security field.
Your email address will not be published. Required fields are markedmarked