Researchers have warned of a new vulnerability that influences certain crypto -hardware -portfolios with which attackers cannot sign -authorized Bitcoin transactions can sign private and steal private keys.
Cryptocurrency portfolios using the Chinese made ESP32 chip, a commonly used microcontroller designed for embedded systems and connected devices, run according to cyber security company Crypto Deep Tech, which a great vulnerability in a recent report.
Often implemented in security-critical environments and used in hardware portfolios such as Blockstream Jade and Open Source projects such as Bowser and Colibri, these chips often act as gateways for sensitive networks or store cryptographic reference, making vulnerability particularly serious.
According to researchers, attackers can exploit the Bluetooth and Wi-Fi connectivity of the chip to inject malignant module updates, gain access to a low level and to extract sensitive wallet data such as private keys.
The chip suffers from several vulnerabilities, including a weak random number generator who makes Bitcoin private keys dangerous, and broken validation controls with which invalid or low value keys can be used.
Electrum-based portfolios are particularly vulnerable, because the lack of hashing logic of the Chip attackers enables non-BIP-137 to utilize messages and to generate falsified ECDSA signatures that validate as real Bitcoin transactions.
With regard to this vulnerability, especially for crypto users, it is their secret implementation. In a Real-World test case, crypto deep technical researchers could use the vulnerability to bypass normal security controls, restore a private key and gain access to a live Bitcoin portion that contained 10 BTC with 10 BTC without warning the user at any time.
The risks are not limited to only cryptocurrency portfolios. Vulnerability opens the door for large-scale supply chain attacks, espionage at state level and coordinated theft campaigns aimed at any network where ESP32-driven devices are used.
To mitigate the threat, researchers advised the use of trusted devices, the up -to -date keeping of Bitcoin software and trusting secure cryptographic libraries to prevent risks such as important theft and transaction replacement.
Although considered a safe alternative to software portfolios, which are often used, the vulnerabilities of the hardware wallet remain a serious problem for cryptocurrency lovers.
Last month Ledger Donjon researchers discovered that the latest safe safe models from wallet Trezor still depend on a general microcontroller that is vulnerable to physical attacks.
Despite the fact that a certified secured element has for pin and secret storage, the STM32-based chip used in Trezor devices can be used to be used by voltage glitching, an attack that can be carried out purely in software and is almost impossible to detect.
