The warning appears in Kraken’s latest blog post, in which it discusses a serious flaw in all KeepKey hardware wallets. The US exchange’s security research wing claims that it has found a way to extract seeds from KeepKey wallets. For context, a seed phrase is a string of random words that allows owners to recover their cryptocurrency wallets. Consequently, anybody with access to a seed could gain access to the cryptocurrency funds stored in a wallet.
Kraken found that KeepKey devices have an issue related to their microcontrollers. The exchange noted that people with physical access to victims’ crypto wallets could use specialized hardware to read their encrypted seeds. To complete the attack, the attacker would also need to crack the wallet’s PIN code through brute force.
The issue now resides in every KeepKey wallet in circulation. The company cannot solve it until it decides to replace them all with patched devices.
KeepKey rubbished Kraken’s findings, citing their lack of relevance. The firm shared two articles discussing the same issue. One of them was penned by ShapeShift, which supports KeepKey as its premier wallet on its crypto-to-crypto exchange. The trading platform had written in June that KeepKey can protect clients’ funds from the most common attack vectors, such as viruses, malware, or remote hackers trying to steal private keys. Nevertheless, the firm is as helpless as any other wallet company when it comes to protecting clients’ devices from physical attacks.
KeepKey rival Ledger had responded similarly to a malware issue affecting its Nano S wallets back in 2018. After DocDroid reported that attackers could game the Ledger software by replacing the copied receiver addresses with their own, the firm had responded by saying that the issue was universal.
Charles Guillemet, the chief security officer at Ledger, demonstrated that hackers could guess a KeepKey wallet’s passphrase in less than a minute by trying different combinations. Kraken reiterated the same evidence in its blog post, leading ShapeShift to write an eleven-step manual to fix the problem.
Overall, the issue recalled what doomsday economist Nouriel Roubini had complained about cryptocurrencies. He had noted that anybody with a gun can steal the private keys of wallets holding multi-million dollars’ worth of bitcoin. Moreover, there was no way for the victim to get the stolen funds back, since crypto transactions are irreversible.
By Q3 2019, the cryptocurrency industry had lost about $4.4 billion to fraud and theft, CipherTrace noted in its report. As of June, the amount was $1.1 billion.