Blog posts, Donjon | 06/11/2019

Extracting seeds from Wallets

During the Breaking Bitcoin conference last weekend, I presented the research we have conducted over the past months at the Donjon. We spent significant time and effort to raise the bar of security in the ecosystem.

We studied several wallets, each with a different threat model, and found critical vulnerabilities that would allow an attacker to get access to the primary assets (xpriv / seed). We responsibly disclosed our findings to the respective vendors and tried to help them fix these issues when possible. The 5 wallets studied, each with its own threat model, were: Ellipal wallet, Trezor One, KeepKey, Trezor T and HTC Exodus.

We demonstrated that physical access to the device would allow an attacker to extract the seeds from Ellipal, Trezor One, KeepKey, and Trezor T within a few minutes and with very limited equipment (about $100 of hardware plus a standard computer). The details of the vulnerabilities have not all been publicly disclosed because there is no way to fix them (except for Ellipal). Both vendors sent us a bounty reward, for which we would like to thank them.

Finally, concerning HTC Exodus, we studied an interesting feature that splits the user's seed into 5 parts, which are shared with 5 trusted contacts. The mechanism was supposed to be designed so that the seed can be reconstructed if and only if 3 parts are gathered. We found a bug allowing an attacker to retrieve the seed with only one part. This is especially critical since the attack is remote and can be generalized. All the vulnerabilities we found in HTC Exodus have been fixed by the vendor, and our work triggered the creation of their bounty program.
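To make the 3-of-5 guarantee concrete, here is an added example (not code from Ledger, HTC or this post) of a threshold secret-sharing split written the way it is supposed to behave: the seed value is the constant term of a random degree-2 polynomial over a prime field, each contact receives one point on it, any 3 points recover the seed, and fewer than 3 are refused outright. The post does not name the scheme HTC used nor describe the bug, so the Shamir-over-GF(p) construction, the field prime, the function names and the 32-byte sample entropy are all assumptions of this example. The security property the k-of-n threshold rests on is visible in the code: the polynomial coefficients must be uniformly random and independent of the secret, because the whole argument that k-1 shares reveal nothing is an argument about those coefficients.

```python
from __future__ import annotations
import secrets

# Field prime for the arithmetic: the Mersenne prime 2^521 - 1 (assumption of this
# example), large enough to hold 256-bit seed entropy as a single field element.
PRIME = 2**521 - 1


def make_shares(secret: int, threshold: int, count: int) -> list[tuple[int, int]]:
    """Split `secret` into `count` shares, any `threshold` of which reconstruct it.

    The secret is the constant term of a random polynomial of degree threshold-1;
    share i is the point (i, f(i)).  The other coefficients MUST come from a CSPRNG
    and be independent of the secret: that is what makes k-1 shares uninformative.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= count < PRIME:
        raise ValueError("need 1 <= threshold <= count")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        # Horner evaluation of the polynomial at x, mod PRIME.
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % PRIME
        return acc

    return [(i, f(i)) for i in range(1, count + 1)]


def recover_secret(shares: list[tuple[int, int]], threshold: int) -> int:
    """Lagrange-interpolate f(0) from `threshold` distinct shares.

    Refusing fewer than `threshold` shares is deliberate: with k-1 points every
    candidate secret is equally consistent with the data, so a routine that
    'recovers' from fewer shares can only return a meaningless number.
    """
    if len(shares) < threshold:
        raise ValueError(f"need at least {threshold} shares, got {len(shares)}")
    pts = shares[:threshold]
    if len({x for x, _ in pts}) != threshold:
        raise ValueError("share indices must be distinct")
    total = 0
    for i, (xi, yi) in enumerate(pts):
        # Lagrange basis polynomial L_i evaluated at x = 0.
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def demo() -> dict:
    """Walk through the 3-of-5 case described in the post with constructed entropy."""
    # Constructed sample value: 32 bytes standing in for BIP-39 seed entropy.
    seed_entropy = int.from_bytes(bytes(range(32)), "big")
    shares = make_shares(seed_entropy, threshold=3, count=5)

    # Any three contacts together recover the seed.
    from_three = recover_secret([shares[0], shares[2], shares[4]], threshold=3)

    # Two contacts are refused by the correct API ...
    try:
        recover_secret(shares[:2], threshold=3)
        two_rejected = False
    except ValueError:
        two_rejected = True

    # ... and even forcing an interpolation through two points yields a value
    # unrelated to the seed (equal to it only with probability 1/PRIME).
    forced_from_two = recover_secret(shares[:2], threshold=2)

    return {
        "three_recover": from_three == seed_entropy,
        "two_rejected": two_rejected,
        "two_uninformative": forced_from_two != seed_entropy,
    }


if __name__ == "__main__":
    print(demo())
```

Note what the threshold does and does not cover: it bounds how many shares an adversary must collect, but says nothing about the randomness used to build the polynomial or about how each share is transported to and stored by its holder, so a review of such a feature has to check those parts separately.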
