A Shift Crypto employee successfully deployed a ransom attack on Trezor and KeepKey hardware wallets last May. While Trezor released a fix on September 2, KeepKey has yet to fix the issue.

According to a blog post published on September 2, the vulnerability affected all cryptocurrencies on affected devices. The exploit, which was first spotted on April 15 by developers Shift Crypto, also affected KeepKey wallets — which were originally based on a fork of Trezor’s code and likely operate on similar foundations.

When asked about the vulnerability, a KeepKey representative apparently commented that a fix had not yet been developed, explaining that their developers “are working on higher priority items first.”

The blog post’s author warned:

“A malicious wallet or a man-in-the-middle [ransomware] modifying data transferred via USB could send an arbitrary fake passphrase to the Trezor / KeepKey, and hold any coins received in this wallet hostage.”

He also added that the passphrase entered by the user could be “simply be ignored,” in favor of a replacement passphrase, only known to the attacker.

In May, the customer databases of Trezor, Ledger, and KeepKey were allegedly listed for sale following a substantial data breach.

The hacker claimed to be in possession of account information corresponding to nearly 41,500 Ledger users, over 27,100 Trezor users, and 14,000 KeepKey customers.

SatoshiLabs noted at the time that they did not believe the information to be genuine.

Products You May Like

Articles You May Like

New Peer to Peer Exchange Provides Africans with an Alternative to Paxful
European Commission adopts digital finance package for crypto and blockchain
Tokenized BTC Crosses $1B Notional: Ethereum Cements Role as Bitcoin’s Main Sidechain
Dow Rallies as Investors Look Ahead to First Trump-Biden Debate
Survey: Large Number of Yield Farmers Can’t Read Smart Contracts Despite High Risk
Another Subscription-Free Microsoft Office Version Scheduled For Release In 2021

Leave a Reply

Your email address will not be published. Required fields are marked *