Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bitcoin Security The Almighty Buck

Cryptocurrency Hardware Wallets Can Get Hacked Too (wired.com) 23

An anonymous reader writes: Whether you think cryptocurrency is a scam or a salvation, those digital coins can store real-world value. The safest place to keep them is in what's known as a "hardware wallet," a device like a USB drive that stores your currency and private keys locally, without connecting to the internet. But "safest" doesn't mean "perfect," which new research into two popular hardware wallets reinforces all too well. Researchers from Ledger -- a firm that makes hardware wallets itself -- have demonstrated attacks against products from manufacturers Coinkite and Shapeshift that could have allowed an attacker to figure out the PIN that protects those wallets. The vulnerabilities have been fixed, and both hacks would have required physical access to the devices, which minimizes the danger to begin with. But Ledger argues that it's still worth holding hardware wallets to the highest standards, just as you would a closet safe. Shapeshift's fix can be found here. Meanwhile, Coinkite's Coldcard Mk2 flaw has been fixed in the company's current Coldcard model Mk3, which started shipping in October.
This discussion has been archived. No new comments can be posted.

Cryptocurrency Hardware Wallets Can Get Hacked Too

Comments Filter:
  • This was obvious to everyone with a brain. They are a gimmick, they are just a little computer that runs software.
    • The safest place to keep them is in what's known as a "hardware wallet,"

      Ummm.... no. The safest place to keep them is in multiple locations, encrypted.

      If the only place you've stored your crypto is on a single hardware device, then eventually you're going to have no more crypto. Hardware failure alone is more likely than proper encryption being broken in one of your multiple disparate locations.

    • Who would have thought that a bunch of random guys with no experience in building an HSM, or probably any kind of secure hardware at all, would create a insecure "hardware wallet"? I've worked in that field before - uhh, HSMs, not "hardware wallets" - and the amount of work that goes into them, and the level of attacks they can withstand, is impressive. However, there's only a handful of people who have the right mindset to do that sort of stuff, and some random crowd on Kickstarter ain't it.
  • Try hacking that. xD
    Pre-emptive strike on the whole "carrying cash is dangerous, AAAH!" genre of comments; save your keystrokes. I don't live in a crime-ridden area where you have to worry about being mugged.
    • All of these attack types on hardware wallets require physical access to them for the hacks to work, so I'm not sure what you're on about. I can tell you that a hardware wallet is a heck of lot safer than some raw $20 that anyone can steal and spend. Keep your tree money and don't forget to clean up after your horse on your way out.

      • by tlhIngan ( 30335 )

        All of these attack types on hardware wallets require physical access to them for the hacks to work

        They better, because otherwise what's the point of a hardware wallet?

        And it's not really a hardware wallet - the wallet is still software based as it's part of the cryptocurrency network. All it records is movement of things between wallets, after all. The hardware wallet instead records the private keys associated with the wallet - the goal is to keep those private keys offline so even if your PC or phone is

  • The "We value your privacy" dialog does not respond to mouse clicks.

    open console and do this.

    for( var x in document.querySelectorAll("a")) { if( x.text == "I ACCEPT") c.click()}

  • by Way Smarter Than You ( 6157664 ) on Monday May 18, 2020 @08:11PM (#60076070)
    And I mean by a stranger / "hacker" not a family member with easy daily access to the home.

    I've never heard of such happening. Lost USB stick, yes, but stolen and crypto stolen, no.
  • I was browsing a website [snipon.com] and saw the ad of a bitcoin hardware wallet. I quickly browsed some of the top bitcoin hardware wallets available in the market. This video [youtube.com] on youtube helped me out to pick my bitcoin wallet. After reading the post by Wired I did extensive research to find out the truth behind bitcoin hardware hacking. There are very few cases related to a vulnerable bitcoin hardware wallet.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...