Cracking a Trezor Cryptocurrency Wallet worth US$ 2 Million

In 2018, two “investors” bought US$ 50,000 of a newly-issued cryptocurrency called Theta token and stored the private keys on a “hardware wallet” from Trezor. A so-called hardware wallet is a device (usually a generic microcontroller running—gasp—software) which stores the secret keys corresponding to public addresses in encrypted form, usually protected by a PIN, using a design whereby the secret information is not exposed in any way to external examination. As the crypto in the wallet went up and down, they forgot about it and, in addition, forgot the PIN they used to secure the data.

Well, fast forward to a few years later, and the funds in that wallet had appreciated to more than US$ 2 million, reaching a peak over US$ 3 million at one point. Wanting to take their profit, they then discovered the PIN had been lost and tried to guess it. After 12 tries, they stopped guessing, because after 16 wrong entries, the Trezor irreversibly erases the private data, which would be bad.

Eventually, one of the pair contacted Joe Grand, a self-described “hardware hacker”, who agreed to take on the challenge. The saga is described in The Verge, “Cracking a $2 Million Crypto Wallet”. Here is a video of the process used to bypass the Trezor’s security.

Trezor notes in the video’s comments that this was a vulnerability they patched in 2017 and would not work on current devices. OK, fine, but how many devices are out there which still contain the vulnerability? And how many flaws may remain in current versions?

There is an abundance of imprudent behaviour on display here. First of all, if two people jointly own the contents of the wallet, why wouldn’t each have a copy of the PIN, dramatically reducing the probability it will be lost? Second, how crazy or stupid do you have to be to store private keys for any amount of cryptocurrency on a single hardware device? If that Trezor were lost or stolen, spontaneously failed, was zapped by static electricity, or was destroyed by plugging it into a malfunctioning USB port on a computer, everything would have been lost. I would consider four independent backups on at least two different kinds of media, kept in separate locations, the bare minimum for funds worth US$ 50,000, the initial value stored.

Then there’s the question of using a “hardware wallet” at all for non-transactional cold storage. If the funds are to be treated as a long-term investment, why entrust them to what is, in reality, a proprietary hardware/software system which is occasionally plugged into another computer? Such a device may be a convenient way to store keys for frequently-accessed funds, as opposed to storing the keys on a computer connected to the Internet and running other tasks, but long-term secure storage is much better achieved by printing the keys on paper and storing these off-line copies in multiple, secure locations, using key sharing to allow access by k of n parts where appropriate. (Fourmilab Blockchain Tools provides everything you’ll need to do this, all on your own computer and without sending any secure information over the Internet.)
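The “k of n” key sharing mentioned above is Shamir’s secret sharing: the key becomes the constant term of a random polynomial of degree k−1 over a prime field, each holder receives the polynomial evaluated at a distinct point, and any k points reconstruct the constant term while k−1 points reveal nothing. The following is an added example written for this page, not code from Fourmilab Blockchain Tools; the choice of the Mersenne prime 2^521 − 1 as the field (large enough to hold any 256-bit private key) and the function names are assumptions of the example.

```python
import secrets

# Field for the scheme: the Mersenne prime 2^521 - 1 (an assumption of this
# example), chosen so that any 256-bit private key is a single field element.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Evaluate sum(coeffs[i] * x**i) mod PRIME by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n, rng=secrets.randbelow):
    """Split an integer secret into n shares, any k of which recover it.

    Returns a list of (x, y) pairs with x = 1..n; the secret is f(0)."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret does not fit in the field")
    # Degree k-1 polynomial with the secret as constant term and k-1 random
    # coefficients drawn from a cryptographic RNG.
    coeffs = [secret] + [rng(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate f(0) from any k shares (x, y)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse via pow(den, -1, p) (Python 3.8+).
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_key_hex(hex_key, k, n):
    """Convenience wrapper: hex private key -> list of 'x:yhex' share strings
    suitable for printing on paper."""
    secret = int(hex_key, 16)
    return [f"{x}:{y:x}" for x, y in split_secret(secret, k, n)]


def recover_key_hex(share_strings, key_len=32):
    """Inverse of split_key_hex; key_len is the key size in bytes."""
    shares = []
    for s in share_strings:
        x_str, y_str = s.split(":")
        shares.append((int(x_str), int(y_str, 16)))
    return recover_secret(shares).to_bytes(key_len, "big").hex()


if __name__ == "__main__":
    # Constructed sample key, not a real wallet key.
    key = "ab" * 32
    paper_shares = split_key_hex(key, 3, 5)
    for line in paper_shares:
        print(line)
    # Any three of the five shares rebuild the key; two do not.
    print(recover_key_hex(paper_shares[1:4]) == key)
```

Each share string is self-describing (index and value), so the holders of any k of them can reconstruct the key offline; losing up to n−k shares costs nothing, which is the property that makes this suitable for the multi-location cold storage the text recommends.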

“Hardware” is increasingly used as a magic spell invoking security that fallible software famously lacks. But in almost any case, when you look at that “hardware” what you find inside it is software, which may be no better than any other. In this case, the Trezor was vulnerable to power loss at just the moment it read the in-the-clear PIN from its internal secure storage into RAM, before encrypting it and deleting the cleartext. Cutting power at just the right instant allowed retrieving the data from RAM using the STM32 microcontroller’s debug interface. This is a classic form of error in secure software development: programmers assume their code is running on a processor operating under normal conditions. That isn’t good enough—you have to take into account all possibilities, including a crafty hacker dropping power to the processor at just the moment the code is vulnerable. The Verge reports:

Trezor already fixed part of the problem Grand exploited in later versions of its firmware. The wallets no longer copy or move the key and PIN into RAM at all. Pavol Rusnak, co-founder and CTO of SatoshiLabs, which makes Trezor wallets, said it now stores them in a protected part of flash that isn’t affected during firmware upgrades.

But a core issue with the chip that allows fault injection still exists and can only be fixed by the chip maker — which the maker has declined to do — or by using a more secure chip. Rusnak says his team explored the latter, but more secure chips generally require vendors to sign an NDA [non-disclosure agreement], something his team opposes. Trezor uses open-source software for transparency, and when Rusnak’s team discovered a flaw in one secure chip they considered using, the chip maker invoked the NDA to prevent them from talking about it.
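The ordering error the text describes (secret copied into RAM in the clear, cleanup and bookkeeping only afterwards) can be caught before silicon by testing a firmware state machine against interruption at every step. The following is an added example written for this page, not Trezor’s firmware or any code from the Verge article: a toy model of an unlock routine in two orderings, plus a harness that cuts “power” after each step and checks two invariants, that the stored PIN never sits in RAM in cleartext and that no wrong guess goes uncounted. The device model, step names, the constructed PIN and salt, and the digest-in-flash design of the hardened variant are all assumptions of the example.

```python
import hashlib
import hmac

# Constructed sample values; a real device would keep these in protected storage.
STORED_PIN = "4821"
MAX_ATTEMPTS = 16


def pin_digest(pin):
    """Salted digest of a PIN (salt constructed for this example)."""
    return hashlib.sha256(b"example-salt|" + pin.encode()).digest()


class Device:
    """Toy wallet: 'flash' survives a power cut, 'ram' does not."""

    def __init__(self, hardened):
        self.ram = {}
        if hardened:
            # Hardened layout: only a digest of the PIN is stored.
            self.flash = {"pin_digest": pin_digest(STORED_PIN),
                          "attempts_left": MAX_ATTEMPTS}
        else:
            self.flash = {"pin": STORED_PIN, "attempts_left": MAX_ATTEMPTS}


def unlock_naive(dev, entered):
    """Ordering the text criticises: secret copied into RAM first, retry
    counter persisted last.  Yields after each step so power can be cut."""
    dev.ram["pin"] = dev.flash["pin"]          # cleartext secret now in RAM
    yield "copied"
    dev.ram["ok"] = hmac.compare_digest(dev.ram["pin"], entered)
    yield "compared"
    dev.ram.pop("pin")                         # wiped, but only now
    yield "wiped"
    if not dev.ram["ok"]:
        dev.flash["attempts_left"] -= 1        # counted after the fact
    yield "counted"


def unlock_hardened(dev, entered):
    """Fail-closed ordering: spend the attempt before checking, never bring
    the stored secret into RAM, restore the counter only on success."""
    dev.flash["attempts_left"] -= 1
    yield "counted"
    dev.ram["ok"] = hmac.compare_digest(pin_digest(entered),
                                        dev.flash["pin_digest"])
    yield "compared"
    if dev.ram["ok"]:
        dev.flash["attempts_left"] = MAX_ATTEMPTS
    yield "reset"


def cut_power_after(dev, flow, steps):
    """Run `steps` steps of the flow, then simulate a power cut.

    Returns a snapshot of RAM at the instant of the cut (what a debug
    interface would see); the device itself keeps only flash."""
    for _ in range(steps):
        next(flow, None)
    ram_at_cut = dict(dev.ram)
    dev.ram = {}
    return ram_at_cut


def audit(hardened, wrong_pin="0000"):
    """Cut power after every possible step of a wrong-PIN attempt and check
    the two invariants.  Returns which ones were violated."""
    cleartext_in_ram = False
    uncounted_guess = False
    for steps in range(0, 5):
        dev = Device(hardened)
        flow = (unlock_hardened if hardened else unlock_naive)(dev, wrong_pin)
        ram = cut_power_after(dev, flow, steps)
        if ram.get("pin") == STORED_PIN:
            cleartext_in_ram = True
        # A comparison happened but the counter was not charged for it.
        if "ok" in ram and dev.flash["attempts_left"] == MAX_ATTEMPTS:
            uncounted_guess = True
    return {"cleartext_in_ram": cleartext_in_ram,
            "uncounted_guess": uncounted_guess}


if __name__ == "__main__":
    print("naive:   ", audit(hardened=False))
    print("hardened:", audit(hardened=True))
```

The naive ordering fails both checks (a cut after the first or second step leaves the PIN in RAM, and a cut after the comparison leaves the counter untouched), while the hardened ordering passes both. The model only exercises ordering discipline: on real silicon the write to the counter is itself a glitch target, and the chip-level fault injection the Verge describes is not something a firmware ordering change alone can close, which is why the quoted passage points to a different chip as the only complete fix.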