- Ledger Donjon identified microcontroller vulnerabilities in the Trezor Safe 3 and Safe 5 hardware wallets.
- Trezor has patched the flaw, ensuring user funds remain protected.
- The findings raise concerns about cryptographic operations outside the Secure Element.
Ledger’s security experts, Ledger Donjon, have found a critical flaw in some of Trezor’s hardware wallets, the Safe 3 and Safe 5. The weakness exists in the microcontroller, which is the device’s main computer.
According to Ledger, this could allow attackers to compromise users’ crypto assets through voltage glitching techniques – a hardware attack that disrupts a device’s power supply to cause errors and bypass security.
Trezor’s Secure Element is designed to defend against physical attacks like this, but a design flaw reportedly allows a well-equipped hacker to modify the software and potentially access the user’s funds remotely. This is a serious concern for anyone storing significant value on these devices.
Despite Trezor adding security layers like firmware integrity checks, Ledger Donjon’s research suggests that sophisticated attackers could still find ways around them.
This highlights deeper concerns about cryptographic processes outside the Secure Element and the constant need for improvement in the broader security of hardware wallets.
Trezor’s Response: Focus on Supply Chain
Trezor responded quickly to Ledger’s findings. While acknowledging the microcontroller vulnerability in its Safe 3 device, the company stated that a firmware fix is currently unavailable. However, Trezor reassured users that funds are safe, emphasizing multi-layered supply chain attack defenses for those purchasing from official sources.
“Your funds remain safe, and you need not take any action. Ledger Donjon reused a previously known attack to bypass some of our countermeasures against supply chain attacks in Trezor Safe 3. Nevertheless, users who purchase from official sources are fully secure.”
Ledger claims that its research aims to strengthen the crypto ecosystem and is not limited to exposing competitor vulnerabilities. By collaborating with Trezor and other wallet providers, the firm says it hopes to elevate security standards, ensuring user assets stay protected.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.