Episode 2 – Side-channel Attacks

Watch 3 min
Beginner

In this episode, we show how some hardware wallets can be hacked with what is called a “side-channel attack.” Please note that this exploit doesn’t work on Ledger’s wallets.

SIDE-CHANNEL ATTACK

Today, in the Donjon, we will introduce you to side-channel attacks. How can an electronic cryptocurrency wallet be hacked to find the PIN code that is supposed to protect access to it? A side-channel attack consists of recovering the hardware wallet’s PIN code and thus being able to use the wallet without the owner’s knowledge. The principle of side-channel attacks is to observe the physical behavior of an electronic wallet while it performs a sensitive computation. For example, the current consumption when the device handles a 1 will differ from the current consumption when it handles a 9. A side-channel attack can be compared to a burglar who puts a stethoscope on a safe and tries to find the right combination from the sound alone.

SET UP

First, we open the case and extract the integrated circuit. Here we have the heart of the hardware wallet: a microcontroller. This is the component we will attack. We solder a few wires onto the PCB so that we can measure the power consumption of the circuit. Once the soldering is finished, we reconnect the wallet and place it on the test setup. Now everything is set up.

METHODOLOGY

We’re going to capture the current consumption of the device while it’s running, so I plug the measurement wires into the oscilloscope. What we see at first is just white noise: the idling components, the device doing nothing. Next, we enter random PIN codes into the device and record the current consumption at the same time, so that we can build a large database relating each PIN digit value to the current consumption it produces. Something emerges already from the first digit: one group of traces has very high power consumption and the other very low. It’s as if each digit leaves a different footprint, which means we can distinguish them just by looking at the traces. Each of those clusters is the power consumption associated with one of the digits of the PINs entered on the device. Once we have studied the electrical behavior for each digit value, we build a dictionary; then, on a real device, we reuse this dictionary to identify the right PIN code and attack any hardware wallet of this brand.

THE HACK

Now, we use a script that statistically matches the traces we have just recorded against the traces stored in the dictionary. I run the script, and it guesses the digits one by one. The PIN has been recovered: it’s 1-3-3-7. The attack is successful, so we can access the contents of the wallet. After the Donjon successfully hacked this hardware wallet, the Donjon Masters reported the vulnerability to the manufacturer. This flaw has been fixed.
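To make the methodology and the hack concrete, here is an added simulation (not Ledger’s or the Donjon’s code) of the two phases described above: profiling known digits into a per-digit dictionary of mean traces, then matching fresh traces against it digit by digit. The power model is constructed and deliberately simple (consumption grows with the digit value plus Gaussian noise); the hardened model, where consumption does not depend on the digit, shows why data-independent handling of the PIN defeats the dictionary.

```python
import random

DIGITS = range(10)
SAMPLES = 8  # points kept per trace (constructed; a real scope gives far more)

def leaky_trace(digit, rng):
    # Constructed model of a leaky device: the current drawn while the
    # microcontroller handles a PIN digit depends on that digit's value,
    # plus measurement noise. A real wallet's power model is not this simple.
    return [0.25 * digit + rng.gauss(0, 0.1) for _ in range(SAMPLES)]

def hardened_trace(digit, rng):
    # Model of a hardened device: consumption does not depend on the digit
    # (constant-time, data-independent handling), so only noise remains.
    return [1.0 + rng.gauss(0, 0.1) for _ in range(SAMPLES)]

def build_dictionary(trace_fn, rng, per_digit=200):
    # Profiling phase (the video's "dictionary"): enter known digits on a
    # device you own, record many traces, keep the mean trace per digit.
    templates = {}
    for d in DIGITS:
        traces = [trace_fn(d, rng) for _ in range(per_digit)]
        templates[d] = [sum(col) / per_digit for col in zip(*traces)]
    return templates

def match_digit(trace, templates):
    # Matching phase: the digit whose template is closest (least squares).
    def dist(d):
        return sum((a - b) ** 2 for a, b in zip(trace, templates[d]))
    return min(templates, key=dist)

def recover_pin(pin, trace_fn, templates, rng):
    # One trace per entered digit, each matched independently.
    return "".join(str(match_digit(trace_fn(int(c), rng), templates)) for c in pin)

def success_rate(trace_fn, trials=200, seed=1):
    # Fraction of random 4-digit PINs recovered from a single trace each.
    rng = random.Random(seed)
    templates = build_dictionary(trace_fn, rng)
    hits = 0
    for _ in range(trials):
        pin = "".join(str(rng.randrange(10)) for _ in range(4))
        hits += recover_pin(pin, trace_fn, templates, rng) == pin
    return hits / trials

if __name__ == "__main__":
    print("leaky device   :", success_rate(leaky_trace))
    print("hardened device:", success_rate(hardened_trace))
```

On the leaky model nearly every PIN is recovered from a single trace per digit; on the hardened model the matcher does no better than guessing, which is the property a defender wants to verify with real measurements.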
