Hey Team

Lots flying around now - folks spreading FUD re Trezor post the Ledger apocalypse. 

Just rem 2 things

1) KEEP YOUR SEED SAFE

2) KEEP YOUR KEY SAFE

That's it. 

TLDR

  • Unciphered claimed to have developed an exploit that could bypass the security mechanisms of the Trezor T hardware wallet.
  • The exploit required physical access to the Trezor T and specialized GPU chips.
  • Trezor acknowledged that Unciphered's demonstration was similar to a vulnerability that was discovered in 2020.
  • Trezor said that the vulnerability could be mitigated by using a strong passphrase.
  • Trezor said that it is working on a new secure element for hardware wallets that will address the vulnerability.

THE FUD 

Hardware wallets, which store private keys offline and are designed to protect crypto assets, are generally considered highly secure. Unciphered said, however, that the hardware security mechanisms of the Trezor T model can theoretically be bypassed if an attacker has the wallet in their possession.

The type of exploit depicted by Unciphered would only be feasible if the attacker had physical access to the hardware wallet.

In the video, the Unciphered team said it developed an “in-house exploit” that allowed them to extract the wallet’s firmware. Eric Michaud, co-founder of Unciphered, claimed that by leveraging specialized GPU chips, they were eventually able to crack the device’s pin seed phrase.

“We uploaded the firmware we extracted onto our high-performance computing cracking clusters,” Michaud explained in the video. “We have about 10 GPUs, and after some time, we extracted the keys.”

Michaud further claimed that fixing this exploit for Trezor T would require a recall of all their products.

Trezor's Response

Trezor acknowledged that Unciphered’s demonstration had similarities with the Read Protection Downgrade (RDP) vulnerability discovered by Kraken Security Labs researchers that affected both the Trezor One and Trezor Model T. This implies that the vulnerability is not new.

“This appears to be a vulnerability called an RDP downgrade attack and as communicated on our blog in early 2020, RDP downgrade attacks require physical theft of a device and extremely sophisticated technological knowledge and advanced equipment,” Trezor's chief technology officer Tomáš Sušánka said. “Even with the above, Trezors can be protected by a strong passphrase, which adds another layer of security that renders an RDP downgrade useless.”

Trezor added that it has taken significant steps to resolve the issue in future by developing a new secure element for hardware wallets with its sister firm, Tropic Square.
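
Why a passphrase blunts a seed extraction, as an added example (not code from Trezor or Unciphered): under BIP-39 the passphrase is part of the PBKDF2 salt, so the mnemonic on its own derives a different wallet. The mnemonic is the public BIP-39 test vector; the 4-digit PIN and six-word Diceware passphrase are assumed sizes chosen for comparison.

```python
import hashlib
import math
import unicodedata

# Public BIP-39 test-vector mnemonic (never use it for real funds).
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    def norm(text: str) -> str:
        return unicodedata.normalize("NFKD", text)

    return hashlib.pbkdf2_hmac(
        "sha512",
        norm(mnemonic).encode("utf-8"),
        ("mnemonic" + norm(passphrase)).encode("utf-8"),
        2048,
        dklen=64,
    )


def search_space_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a secret chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def summary() -> dict:
    no_pass = bip39_seed(MNEMONIC)              # what the mnemonic alone yields
    with_pass = bip39_seed(MNEMONIC, "TREZOR")  # passphrase from the BIP-39 vectors
    return {
        "seed_without_passphrase": no_pass.hex(),
        "seed_with_passphrase": with_pass.hex(),
        "same_wallet": no_pass == with_pass,
        # Assumed sizes: 4-digit numeric PIN vs. six random Diceware words.
        "pin_4_digit_bits": round(search_space_bits(10, 4), 1),
        "six_diceware_words_bits": round(search_space_bits(7776, 6), 1),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

Every passphrase produces a valid seed, so nothing in the derivation signals whether a given passphrase is the right one; the protection rests on the passphrase's own entropy.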

Comments

Anonymous

Sorry what happened to ledger?! I must have missed that one!!

Anonymous

Did James make a video on how to use TradingView? Or does anyone know a good source? I know a little but need to hone my skills. MA's etc. Before I can start paying for pro account and PT on Steroids.

Anonymous

Just gonna keep all my Bitcoin on Robinhood lol

Anonymous

Ledger CEO claimed on Peter McCormack's podcast that they can get the seed off a Trezor in 30 seconds and its chip is no better than what you find in a toaster...

Anonymous

So basically none of the current options on the market are secure enough. After the Ledger debacle, now Trezor yikes.

Anonymous

Good, objective breakdown. Thanks for the info.

Anonymous

Pascal Gauthier the CEO of Ledger said on the What Bitcoin Did podcast that his Ledger Donjon team can extract Trezor private keys within 30 seconds & open source is not the answer to security. He mentioned the chip in a Trezor is the same as what's in your toaster and not a secure element. Using a Ledger and not opting into the subscription based Ledger Recover still seems like the best to me.

Anonymous

Brand X CEO saying Brand Y's product is a piece of junk? 😱

Anonymous

It was just the opposite actually. He didn't bash any other brand and was quite complimentary to them. Maybe watch the podcast first

Anonymous

Blockstream JADE and Coldcard were given by others as an alternative. Anyone have any experience with these? And these may be BTC only wallets…..

Anonymous

That's fair, I'll listen to it. But if he was complimentary to others and not Trezor, you'd have to admit Trezor is their closest competitor and there is a good incentive to deflect with the recent controversy Ledger has been through.

Anonymous

He was fair to Trezor as well and even said "I don't want to bash Trezor or another competitor." He was simply addressing the silly statements CT and YT people were putting out that insisted "open source like Trezor is what's needed for the best security" when in fact it is just the opposite and the Ledger Donjon team who help out 90% of the hardware community by hacking into their wallets and telling them where the flaws are can get into a Trezor in 30 seconds. So everyone's suggestions that you need to go with open source tech for better security is not even close to correct.

Anonymous

I’m not saying it’s untrue, but it’s important to note that the CEO of Ledger said those things on a podcast. Not the best source for unbiased data. I’d confirm that’s true before taking his word for it.

Anonymous

I think it holds more weight than a YouTuber or crypto person trying to get views or spreading misinformation as facts. I’d put more trust in a proven company with a good track record than a random person online but each to their own.

Anonymous

Regardless, we should always verify rather than trust, right? Everything and always. IMO.

Anonymous

I’d say use TradingView for a few years before you start paying for anything (aside from a better TView account). Fundamentals first. Do you have RSI down and are you drawing horizontal support/resistance lines? Pulling Fibonaccis? Trend. Momentum. Market structure. Read them. Traditional indicators are effective AF.

Anonymous

PHYSICAL ACCESS TO YOUR DEVICE IS NEEDED IN ORDER TO ACCESS YOUR KEYS WITH THE EXPLOIT. Just wanted to put that in bold for the people who missed it.

Anonymous

Thanks, I have been playing for a few months with indicator FIB, MA's Stochastic RSI. Trouble determining resistance and trends. I guess I just need to watch some more videos to make sure my settings are correct? The reason I need to hone my TV Skills is because I try to use IA Trading pairs on steroid.

Anonymous

Ledger just isn’t any cold wallet manufacturer. They do a lot more for the overall cold storage community than provide wallets. They have a team that proactively tries to find vulnerabilities in other wallets and when found they report them to be fixed to further the overall cause. When the CEO of Ledger mentioned being able to hack Trezor it’s because his team can and has.

Anonymous

Correct they are and I would recommend either for your BTC ….. IA also recommended both these options

Anonymous

ALSO WRITING IN CAPS PLEASE WATCH THIS …………. As per the same reason as Mr Snipes ….. people stay calm ………. Below 2 gentlemen that you can trust in this space (along with IA 🥃) https://www.youtube.com/live/9scIevuymZM?feature=share

Anonymous

So I just got my new Trezor in the mail, which I was going to replace my Ledger with. Now I’m not sure what to do…

Anonymous

So which wallet is safe

Anonymous

Which wallet is safe now? Maybe James could do an update I am confused.