Kraken Security Labs has found a way to extract seeds from a KeepKey cryptocurrency hardware wallet. All that is required is physical access to the wallet for about 15 minutes.
Here’s how we did it:
- This attack relies on voltage glitching to extract your encrypted seed, which can require specialized hardware and knowledge. We estimate that a consumer-friendly glitching device could be created for about $75.
- We then crack your encrypted seed: it is protected only by your 1-9 digit PIN, which is trivial to brute force.
- The attack takes advantage of inherent flaws within the microcontroller that is used in the KeepKey.
- This unfortunately means that it is difficult for the KeepKey team to do anything about this vulnerability without a hardware redesign.
Until then, here is what you can do to protect yourself:
- Do not allow physical access to your KeepKey.
  - KeepKey is actually already aware of similar attacks but claims only that: “KeepKey’s job is to protect your keys against remote attacks.”
  - While physical attacks are certainly difficult to defend against, we find this stance to be potentially out of line with the branding of their product as “The Next Frontier of Crypto Security.”
  - It is important to understand that if you physically lose your KeepKey, this vulnerability could be used to access your crypto.
- Enable your BIP39 passphrase with the KeepKey Client.
  - This passphrase is a bit clunky to use in practice, but it is not stored on the device and therefore isn’t vulnerable to this attack.
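Why the passphrase helps, as an added example (not Kraken's or KeepKey's code): BIP39 mixes the passphrase into the seed derivation as PBKDF2 salt, so a mnemonic recovered from the device yields a different wallet unless the passphrase is also known. The mnemonic below is the standard BIP39 all-zero-entropy test vector, used here as constructed input.

```python
import hashlib
import unicodedata

# Constructed input: the well-known BIP39 test mnemonic (all-zero entropy).
# On a real device this mnemonic is the secret the attack above extracts.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed.

    PBKDF2-HMAC-SHA512, password = NFKD(mnemonic), salt = "mnemonic" + NFKD(passphrase),
    2048 rounds. The passphrase is an input at derivation time only; the wallet
    never needs to store it, which is why it survives extraction of the mnemonic.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallet_differs_with_passphrase(mnemonic: str, passphrase: str) -> bool:
    """True when the passphrase-protected wallet has a different seed from the one
    the bare mnemonic yields, i.e. the extracted mnemonic alone does not open it."""
    return bip39_seed(mnemonic) != bip39_seed(mnemonic, passphrase)


if __name__ == "__main__":
    print("seed, no passphrase  :", bip39_seed(MNEMONIC).hex())
    print("seed, with passphrase:", bip39_seed(MNEMONIC, "TREZOR").hex())
    print("different wallet     :", wallet_differs_with_passphrase(MNEMONIC, "TREZOR"))
```

The second seed matches the published BIP39 test vector for passphrase "TREZOR"; every distinct passphrase maps the same mnemonic to a distinct wallet, so a brute-forced PIN alone yields the wrong keys.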
At Kraken Security Labs, we try to discover attacks against the crypto community before the bad guys do. We responsibly disclosed the full details of this attack to KeepKey on September 11, 2019 and are going public now so that the crypto community can protect themselves.
To read the technical details of our findings, check out part 2.