Bitcoin
Bitcoin (BTC)
$97,684.00 4.63454
Bitcoin price
Ethereum
Ethereum (ETH)
$3,137.07 0.62013
Ethereum price
BNB
BNB (BNB)
$609.85 -0.71015
BNB price
Solana
Solana (SOL)
$242.47 1.89981
Solana price
XRP
XRP (XRP)
$1.12 0.82176
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000239 -2.56585
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000191 -4.55994
Pepe price
Bonk
Bonk (BONK)
$0.0000515 -4.97354
Bonk price
dogwifhat
dogwifhat (WIF)
$3.09 -6.69506
dogwifhat price
Popcat
Popcat (POPCAT)
$1.52 -9.65696
Popcat price
Bitcoin
Bitcoin (BTC)
$97,684.00 4.63454
Bitcoin price
Ethereum
Ethereum (ETH)
$3,137.07 0.62013
Ethereum price
BNB
BNB (BNB)
$609.85 -0.71015
BNB price
Solana
Solana (SOL)
$242.47 1.89981
Solana price
XRP
XRP (XRP)
$1.12 0.82176
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000239 -2.56585
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000191 -4.55994
Pepe price
Bonk
Bonk (BONK)
$0.0000515 -4.97354
Bonk price
dogwifhat
dogwifhat (WIF)
$3.09 -6.69506
dogwifhat price
Popcat
Popcat (POPCAT)
$1.52 -9.65696
Popcat price
Bitcoin
Bitcoin (BTC)
$97,684.00 4.63454
Bitcoin price
Ethereum
Ethereum (ETH)
$3,137.07 0.62013
Ethereum price
BNB
BNB (BNB)
$609.85 -0.71015
BNB price
Solana
Solana (SOL)
$242.47 1.89981
Solana price
XRP
XRP (XRP)
$1.12 0.82176
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000239 -2.56585
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000191 -4.55994
Pepe price
Bonk
Bonk (BONK)
$0.0000515 -4.97354
Bonk price
dogwifhat
dogwifhat (WIF)
$3.09 -6.69506
dogwifhat price
Popcat
Popcat (POPCAT)
$1.52 -9.65696
Popcat price
Bitcoin
Bitcoin (BTC)
$97,684.00 4.63454
Bitcoin price
Ethereum
Ethereum (ETH)
$3,137.07 0.62013
Ethereum price
BNB
BNB (BNB)
$609.85 -0.71015
BNB price
Solana
Solana (SOL)
$242.47 1.89981
Solana price
XRP
XRP (XRP)
$1.12 0.82176
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000239 -2.56585
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000191 -4.55994
Pepe price
Bonk
Bonk (BONK)
$0.0000515 -4.97354
Bonk price
dogwifhat
dogwifhat (WIF)
$3.09 -6.69506
dogwifhat price
Popcat
Popcat (POPCAT)
$1.52 -9.65696
Popcat price

Trezor developer confirms private keys can be extracted if firmware is corrupt

trezor-developer-confirms-private-keys-can-be-extracted-if-firmware-is-corrupt
Edited by
News
Trezor developer confirms private keys can be extracted if firmware is corrupt

A developer has acknowledged that a malicious firmware update can “exfiltrate” the seed and record the passphrase of a Trezor device.

This revelation emerged during a discussion on Trezor’s official forum. It is weeks after the Ledger Recover feature suggestion that drew even more concern about the security of assets stored in popular hardware wallets.

Trezor confirmation

The developer emphasized that although open-source software allows for global community scrutiny and the use of hashes and signatures to verify authenticity, these measures do not eliminate the possibility of harmful code being included in an official software release.

He said:

“The firmware running on your Trezor must have access to private keys – otherwise, it could not sign your transactions. That means if the firmware turned malicious, it could exfiltrate the private keys. The only way to prevent that would be to freeze the device so that it could never be updated – and pray that there aren’t any problems in the frozen version already.”

The concern raised by the official Trezor representative is that by the time the community identifies such malicious activity, it could already have caused significant damage to users. Additionally, uncertainties exist regarding potential future governmental actions and policies toward cryptocurrencies, which may impact companies in this space.

These comments have generated concerns among Trezor users, calling for increased transparency regarding the company’s security practices. Suggestions have been made for users to explore hardware wallets from alternative manufacturers. Trezor has asserted its commitment to security and expressed its willingness to collaborate with the community to address any potential risks.

Ledger lambasted for suggesting “Recover” feature

In May 2023, Ledger announced “Ledger Recover” for users to extract their private keys and store them on an external server. Ledger and a third-party custodian were tasked with keeping assets’ private keys. 

Despite the assurance from Ledger that private keys would be secure, critics said client assets could be compromised should the third-party server be compromised, placing billions of assets at risk.

At the same time, critics pointed out the decision by Ledger to demand clients submit government-issued identities to access the feature.

In 2020, Ledger experienced a security breach that resulted in the theft of over 270,000 physical addresses belonging to their clients.