Hacks & Frauds 4 min, 35 sec READ

by Mike Dalton

Ledger has revealed vulnerabilities in its competitors' product lines. Is the issue realistic or overblown―and are hardware wallets really safe?

Hardware wallets are often considered the safest way to store Bitcoin and other cryptocurrencies. First of all, hardware wallets are rarely connected to an online computer, which makes them very hard to hack. Second of all, hardware wallets use secure chips that are designed to handle private keys in a tightly controlled manner. This makes hardware wallets one of the most secure types of wallet in existence.

However, the safety of hardware wallets has been called into question. Most recently, Ledger revealed vulnerabilities in the hardware wallets of one of its competitors, Trezor. And this is just the most recent issue: almost all hardware wallet brands have had vulnerabilities in the past. So, are hardware wallets really at risk, or is the matter overblown? Let's take a look at what has been happening recently.

Recent Trezor Vulnerabilities

Earlier this year, Ledger's security division, Donjon, discovered several security flaws in Trezor wallets and Trezor clones. This July, the group highlighted a significant vulnerability that could allow attackers to access a Trezor wallet's seed data. This could allow those attackers to steal cryptocurrency from the target. Trezor, however, has denied that this is a serious issue. It writes:

In spite of constant rehashing of the same old news, our answer remains the same: The main goal of hardware wallets is protection against remote attacks. If physical attacks are in your threat model, you can protect your wallet with a passphrase. / Trezor via Twitter

Ledger Donjon concedes that this vulnerability can only be exploited if the attacker has direct access to the target's device. It also admits that a passphrase prevents the attack. However, Ledger Donjon believes that the vulnerability is much easier to exploit than previously reported. The attack no longer requires specialized equipment, Ledger says―instead, the attack can be carried out with a $100 device.

As Trezor has indicated, this vulnerability is not entirely new. In March, Ledger revealed a few other flaws in Trezor wallets, and most were fixed in a firmware upgrade. However, this particular issue is unpatchable, as it is built into Trezor's hardware. Hence the dispute: Ledger insists that this attack is "practical and reliable," while Trezor maintains that the attack is impractical and easily preventable.

The Hardware Wallet Wars

It should be noted that Ledger and Trezor are locked in intense competition. Supposedly, Ledger Donjon exists to scrutinize Ledger's own products, according to its original blog post from November 2018. However, since Ledger Donjon was formed, all of its announcements have concerned security flaws in its competitors' products. Arguably, Ledger is milking one minor problem in order to improve its own image.

Ledger itself has actually been the target of similar accusations. Last December, independent security researchers demonstrated vulnerabilities in Ledger and Trezor products during an event called wallet.fail. Although both companies acknowledged those claims, they also highlighted that many wallet.fail exploits require direct access to a target's wallet. In short: Ledger has dismissed physical lines of attack, just as Trezor has.

Simply put, hardware wallet attacks that depend on close proximity are not a very big risk. A Binance survey (cited by Trezor here) found that only about 6% of crypto attacks involve physical access to a device. Furthermore, once attackers are close to you or your hardware wallet, all bets are off. An attacker could threaten you in order to steal your funds, or they could observe you unlocking your device―which is beyond the scope of manufacturer security.

Other Potential Issues

Physical attacks may not be much to worry about, but remote lines of attack do exist. This March, for example, Sia discovered a Trezor and Ledger vulnerability that potentially allows crypto "ransoms" to be performed. And, over a year ago, security researchers discovered a flaw that could have allowed attackers to access YubiKey hardware wallets through a feature in the Google Chrome web browser.

There are other issues apart from deliberate attacks: hardware durability is another consideration. Hardware wallets last longer than paper wallets, and they make it difficult to lose your funds or delete your information. However, hardware wallets are not invincible, and they can be destroyed or damaged. Simply keeping multiple wallet backups is usually a sufficient solution, but metal wallets are also an option for improved durability.

Software bugs can result in loss of funds as well. This March, Monero (XMR) developers made an error in the design of Ledger's Monero wallet plugin, which accidentally caused users to temporarily lose access to their funds. This bug was fixed in April, and user funds were restored. Still, it is worth considering that honest accidents can potentially wreak more havoc than malicious attacks ever can.

Is Any of This a Problem?

Few if any of the issues described above have been exploited, let alone exploited on a large scale. In general, attacks on exchanges and software wallets are simply more profitable lines of attack. Additionally, lines of attack that rely on social engineering instead of vulnerabilities are also very common―these strategies include phishing, ransomware, and cryptojacking.

In other words, it is quite difficult to attack hardware wallets, both remotely and physically. This article isn't a comprehensive survey of everything that could go wrong with hardware wallets, but crypto users have trusted major hardware wallet brands through thick and thin. So, despite a number of potential risks, hardware wallets are quite secure, and they are certainly here to stay.