Kraken found another critical vulnerability in a crypto wallet
The wallet stores the mnemonic phrase and other data in clear text
By gaining access to a paired phone, an attacker can steal funds
The vulnerability has already been identified, but the wallet security issue is still relevant
Kraken Security Labs, the research department of the Kraken cryptocurrency exchange, has revealed another critical vulnerability in a hardware cryptocurrency wallet.
This time, the critical vulnerability was found in CoolBitX's cold wallet, the CoolWallet S. It is a credit-card-sized hardware wallet that connects to mobile phone apps (Android and iOS) via Bluetooth.
Kraken Security Labs has discovered a way to empty #crypto funds from the @coolwallet S hardware wallet when connected to its Android app.
Here’s how we did it and what it means for users https://t.co/7AFG656U8h
– Kraken Exchange (@krakenfx) April 3, 2020
Kraken Security Labs found that the Android version of the CoolWallet S app stores the wallet PIN, the pairing password, and the mnemonic phrase in clear text.
This means that if the mobile phone is compromised, whether through physical theft or remote malware, an attacker can easily obtain everything needed to empty the associated hardware wallet.
A mnemonic phrase is functionally the same as a private key. Thus, if an attacker is able to obtain the phrase, he can enter it in any other digital / hardware wallet and gain full control over the cryptocurrency funds, notes Kraken.
Moreover, the hardware wallet depends on the protection of its paired mobile phone. If the attacker can get both the victim's phone and the wallet, then he can unlock the wallet and either link it to another phone or send funds directly from the device to another cryptocurrency wallet.
Other manufacturers require a separate PIN to be entered on the wallet itself as an additional layer of security, but the CoolWallet S does not, Kraken Security Labs emphasizes.
There is a solution, but no answer
Kraken said that after the discovery of the vulnerability, the exchange immediately contacted CoolWallet S on January 2, after which the crypto wallet manufacturer released an update.
Whether CoolWallet S stopped storing the mnemonic phrase in plaintext remains unknown.
Previously, Kraken managed to hack another cryptocurrency wallet, Trezor, in just 15 minutes. That attack was based on a voltage glitch used to decrypt the key seed.
In the Trezor case, an attacker would need certain equipment, which Kraken Security Labs did not name, clarifying only that its cost may not exceed $75.