It’s been 4 months & KeepKey’s hardware is still vulnerable to remote ransom attacks

It’s been 4 months & KeepKey’s hardware is still vulnerable to remote ransom attacks

A Shift employee successfully deployed a ransom attack on Trezor and KeepKey hardware wallets last May. While Trezor released a fix on September 2, KeepKey has yet to fix the issue.

According to a blog post published on September 2, the vulnerability affected all cryptocurrencies on affected devices. The exploit, which was first spotted on April 15 by developers Shift Crypto, also affected KeepKey wallets — which were originally based on a fork of Trezor’s code and likely operate on similar foundations.

When asked about the vulnerability, a KeepKey representative apparently commented that a fix had not yet been developed, explaining that their developers “are working on higher priority items first.”

READ  Gemini to accept deposits in PAX Gold, Amp and Compound

He also added that the passphrase entered by the user could be “simply be ignored,” in favor of a replacement passphrase, only known to the attacker.

In May, the customer databases of Trezor, Ledger, and KeepKey were allegedly listed for sale following a substantial data breach.

The hacker claimed to be in possession of account information corresponding to nearly 41,500 Ledger users, over 27,100 Trezor users, and 14,000 KeepKey customers.

SatoshiLabs noted at the time that they did not believe the information to be genuine.

Leave a Reply

Your email address will not be published. Required fields are marked *

Want to automate your crypto Trading?
Try this new trading Robot!

Your information will be validated and you will be automatically redirected to the trading robot advanced dashboard.