A Def Con 25 Demonstration Claims to ‘Break Bitcoin Hardware Wallets’

The well-known hacker conference Def Con 25 is happening once again at Caesars Palace in Las Vegas on July 27-30. The event schedule has a vast array of hacking exhibits and keynote presentations, but one notable group of Def Con demonstrators on the list claims they will show the audience how to break a bitcoin hardware wallet.

The Cryptotronix Presentation: ‘Helping You Get Started Breaking Your Own Wallet!’

The Def Con conference is one of the world’s biggest hacker conventions held in Nevada every year since 1993. The event hosts a multitude of tracks, demonstrations, and speakers from computer security experts, tech journalists, hackers, and government cyber specialists. This year’s Def Con 25 will have a lot going on as the audience will hear about jailbreaking Android and Apple gear, Opsec techniques, the evolution of DDoS attacks, abusing certificates, drone defense markets, and more.

One demonstration dubbed “Breaking Bitcoin Hardware Wallets” has sparked interest within the bitcoin ecosystem. The 20-minute presentation will feature Josh Datko and Chris Quartier of the company Cryptotronix sharing tools and methods that allegedly can break a bitcoin hardware wallet.

“In this presentation, we will quickly overview fault injection techniques, timing, and power analysis methods using the Open Source Hardware tool, the Chip Whisperer,” explains the Cryptotronix demonstration summary.

“We then show how to apply these techniques to the STM32F205 which is the MCU on the Trezor and Keepkey. Lastly, we will present our findings of a timing attack vulnerability and conclude with software and hardware recommendations to improve bitcoin hardware wallets.”

A Study In 2015 Extracts a Private Key Using a $70 Oscilloscope

Cryptotronix backs their claims with a study done in 2015 by developer Jochen Hoenicke, who was able to extract a Trezor’s private key using a $70 oscilloscope. An oscilloscope is an electronic testing instrument which allows the observation of various signals within devices. Many people believe side channel attacks like the one Hoenicke demonstrated are difficult to achieve, but Hoenicke believes they are relatively easy to perform.

“Side channel attacks are not as difficult as many people think,” details Hoenicke in 2015. “A simple power analysis requires only a simple oscilloscope, and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge of the code that is running.”

Jochen Hoenicke’s experiment extracts a private key from a Trezor using a $70 oscilloscope tool. 

The 2015 Hardware Wallet Vulnerabilities Were Patched, But Cryptotronix Claims There May Be Additional Side Channel Attacks

Since then, Trezor has patched the vulnerabilities found in 2015, and Hoenicke was in contact with the manufacturer Satoshi Labs throughout his investigation. However, Cryptotronix says in their demonstration summary that, although the vulnerability was patched, the hardware wallets still do not have a “Microcontroller” and “[They] may be vulnerable to additional side channel attacks.”

Across forums, many bitcoiners are skeptical of the upcoming demonstration that will take place in Vegas next month, but stated they would be watching it closely. Some proponents said they hoped Cryptotronix would first make a responsible disclosure to bitcoin hardware manufacturers before showcasing the hack. Others said research and tools like this might up the stakes so that next generation bitcoin devices can protect themselves in the future.

“Bitcoin hardware wallets help protect against software-based attacks to recover or misuse your key. However, hardware attacks on these wallets are not as well studied,” reveals the Cryptotronix demonstration synopsis.


Images via Def Con 24, Jochen Hoenicke’s blog post, and the Cryptotronix website. 


  • Roger Ver

    Maybe encrypted paper wallets really are simplest and safest. I’m always amazed how news writers like Redman always manage to find such interesting topics for stories.

    • I only trust my cryptosteel, everything else is temporary.

      • Chris

        Cryptosteel will protect your key from fire or flood, but not from someone with a cellphone camera.

    • why bother

      Yup! My cold wallets are created on an air gapped computer.

      • Trade Southwest

        There have been a number of proof-of-concept attacks on air-gapped computers. Using an FM receiver, a hacker can tune into the FM signal emitted from the graphics card to spy on what is displayed on the computer display (this is called a TEMPEST attack). Covert acoustical mesh networks are created within a machine by inaudible (to the human ear) sounds. Using built-in microphones and speakers, an attacker can transmit data to a distance of roughly 65 feet. A light attack was highlighted at the 2014 Black Hat Europe conference wherein a hacker could shine a light (visible or infrared) into the room where the air-gapped computer was connected to a multi-function printer scanner (while a scan is in progress) to receive and send attacks.

  • Bé Chuột

    This is a joke

    • Yess

      • Joe Shmo

        I’ll paraphrase what I read from a poster on another similar article, as I thought it was pretty good advice. Do what you gotta do with your hardware wallet, then unplug it.

  • Arvind Rao

    Well it is a good idea from the point of view of exposing design vulnerability of wallets from consumer perspective and safety of wallets - also from manufacturers’ perspective so that they can plug the design loopholes effectively. A hacker’s mind is an intelligent as well as a criminal mind that can understand how the criminal mind works and hacks the best of security protocols. But it would be good to share the info with the makers of hard wallets rather than share on a public platform the vulnerabilities of hard wallets – so that criminal minded hackers disguised as delegates do not get the benefit of getting the value information exposing the chinks in the hardware wallets. There is no sense in trying to make wallets secure and at the same time showing to criminals how the security can be breached.

    • Dennis Igah

      I agree with you. The manufacturers are the right people to see this presentation.

    • I agree, there is no other logic

    • Mike

      I agree that manufacturers should get this information but I disagree that the public should not get the information as well.

      GM once had a vulnerability in one model of their cars that allowed a hacker to remotely connect to the car. They then had access to start, stop, accelerate, turn, and brake the car remotely. The guy who found this vulnerability told GM about it and they left it unpatched for over a year. After that year, he then told the public about the vulnerability and how to take control remotely and GM patched it within a day or two.

      The point is, if the public does not know about the vulnerability, what motive does the manufacturer have to fix it? I say let the public know so the manufacturer has no other option but to fix the vulnerability.

  • Tony

    Ay.

  • Brian Menendez

    lol, if they could really do this, there are wallets out there with over 100000 bitcoins in them ($250 million each), why not just keep this technique secret and use it to steal billions of dollars?

    • Jamie

      Probably because they need physical access to a device. Which is just one deterrent against this type of vulnerability.

    • Dalton Said

      Why do you assume that just because someone can steal, will steal?

      • bbb

        You’re right, I shouldn’t assume that

        • concerndcitizen

          There are still a lot of good people out there, especially in the original bitcoin community. However, there are some who would be tempted by the amount of money.

  • Break out your Faraday hardware.

  • All articles are written to be read, only read, to many many people. This is the purpose. Truth is a case and don’t are necessary and even telling the truth can you believe the opposite

  • Mangap

    If it needs physical access we are not so worried about that, but if the break can be done remotely we need to worry.
    I hope Trezor 2 is much safer. Satoshi Labs needs to discuss with many hackers how to add more security for the next hardware wallet