According to recent reports, cryptocurrency cold wallets, or hardware wallets, are also vulnerable to hackers.
Researchers from Ledger, one of the biggest manufacturers of cold wallets, revealed that even cold wallets are vulnerable to hackers too.
This report came after Ledger experimented on cold wallets like Coinkite and Shapeshift to demonstrate the loopholes in their hardware.
Ledger: Hardware wallets held with “highest standards”
According to Ledger, the hardware wallets can be attacked by hackers with accessing the PIN codes that secure the wallets.
While these vulnerabilities have since been fixed, security risks remain albeit minimal. What further mitigates the risk is that hackers still have to get a hold of the hardware before they are able to exploit it.
The chief technology officer from Ledger, Charles Guillemet allayed the fear of the cryptocurrency community. According to him, it is still safe to put huge sums of funds in a hardware wallet. The only concern that remains is if these wallets are physically lost to attackers.
According to Guillemet:
“This is definitely a big thing if an attacker has physical access to a hardware wallet and the wallet is not secure. Some cryptocurrency exchanges are even using hardware wallets for cold storage.”
According to the report, cold wallet provider Shapeshift has already addressed the risk of PIN code hacking. Its KeepKey wallet has received a firmware update in order to ensure greater security for the hardware.
Responsibly securing cold wallets is the key
Hacking cold wallets are not an easy task to do, however. Hackers would have to depend on the information that is inadvertently accessible to the KeepKey wallets before they can carry out such an attack.
According to ShapeShift:
“The fact is that there’s no way to prevent a highly sophisticated attacker with physical possession of the device, and lots of time, technology, and resources, from completely ‘pwning’ that device—eventually.”
ShapeShift also urged that the security of the device is also a key to prevent the device from being hacked. “Protect your KeepKey like it could be stolen tomorrow,” ShapeShift adds.
Other hardware wallets that have been put to the test were more sophisticated. CoinKite, for one, had to be forced into triggering an automated “insecure debugging mode.”
During this state, attackers can execute “brute force” attacks where they can try all possible combinations of the hardware’s PIN without limitations.
But in order to do this, the researchers have to open the wallet, expose the chip, grind its silicon carefully, and use a high-powered laser with maximum precision.
While cold wallets can be vulnerable to attackers too, keeping it secure from hackers is also a shared responsibility with the user. After all, the attackers will still have to physically access the hardware before they can execute such attacks.
Images courtesy of WorldSpectrum/Pixabay, Marco Verch/Flickr