Improving the Ecosystem: Disclosure of the Trezor Recovery Phrase Extraction Vulnerability

05/18/2020 | Blog posts

Trezor vulnerability

Our security experts are consistently working on improving the security of the crypto world. While we mostly focus on improving our own products’ security, we also attempt to enhance security standards of any cryptocurrency service provider.

Our Shared Responsibility

In the cryptocurrency world, the last thing we want to see is people losing their valuable assets due to hacks. Whenever large hacks such as the one of Mt.Gox happen, it has had a huge impact on the entire cryptocurrency market – from prices crashing to the trust and reputation being severely damaged. As such, we all have to play our part in securing the entire cryptocurrency ecosystem.

At Ledger we have assembled a team of world-class security experts called the Ledger Donjon. Their primary objective is to keep trying to break into our own devices to find vulnerabilities and improve our hardware wallets’ security. A secondary objective is to also take a look into the security of other cryptocurrency service providers, since a vulnerability in any major crypto company can in the end affect us all.

Naturally, if we discover something we contact the company involved to inform them and provide ample time for them to fix the issue. This process is known as responsible disclosure. By doing this, they can fix it before anyone with malicious intent would be able to abuse it. Unfortunately if no fix is found or possible, we do have the responsibility to inform everyone. 

The Vulnerability

When taking a look at Trezor hardware wallets, the Donjon team found a physical vulnerability. The good news is that it doesn’t concern one which can be remotely executed: someone would need physical access to your device.

The bad news is that if someone got a hold of your device, they can access your recovery phrase through it in a matter of a few minutes. The materials necessary to perform this attack only cost a rough $100, it works 100% of the time and the vulnerability appears to be completely unfixable. It doesn’t only concern Trezor hardware wallets: devices designed in a similar fashion (e.g. Keepkey) are equally impacted. You can see how quickly this can be exploited in the video below:

Since the attack can so quickly, efficiently and consistently be executed at a very low cost, we have decided to not openly show how exactly the extraction of the recovery phrase works. We don’t want to put the funds of Trezor users at risk – we merely want to inform users of the potential risk and how to mitigate it. Rest assured that Ledger hardware wallets are not affected by this vulnerability as we use Secure Element chips.

The Workaround

If you currently own a Trezor hardware wallet, all hope is not lost. Firstly, someone does actually need to be able to get their hands on your Trezor device. Keeping it as safe and hidden as your recovery phrase would be one option.

There is another workaround to still keep your cryptocurrencies secure as well. Similar to Ledger devices, a Trezor hardware wallet can be set up with a passphrase. This is an extra word of your own choosing that you can add on top of your recovery phrase. To make sure it’d be nearly impossible to brute force your passphrase, it is strongly recommended to add a lengthy (preferably over 37 characters), random and secure passphrase.

While the passphrase solution is indeed a good solution to keep your crypto secure, it does mean you’ll need to enter it into your Trezor One or Trezor model T every single time you want to use it. For the Model T, it is but a minor inconvenience as you can securely enter it directly on the device itself. There is a matter of concern for the Trezor One, however: to use your passphrase, you’ll need to enter it through Trezor’s web wallet on your computer. If your computer is compromised, your Trezor One passphrase will likely be as well