Trezor has patched a security vulnerability in its Safe 3 and 5 hardware wallet models, which was identified by Ledger’s research team, Ledger Donjon.
Despite Trezor’s security improvements, the microcontrollers still allowed for executing cryptographic operations, making the devices vulnerable to sophisticated attacks.
Ledger’s Chief Technology Officer, Charles Guillemet, addressed the issue in an X post:
“We believe that making the ecosystem more secure helps everyone and is critical as we push towards broader adoption of crypto and digital assets,”
Trezor had previously integrated Secure Elements specialized chips designed to safeguard PIN codes and cryptographic secrets to counter potential threats, particularly software modifications that could enable attackers to access user funds. Ledger recognized this advancement in a March 12 update that Secure Elements
“effectively thwarts any inexpensive hardware attack, particularly voltage glitching.”
However, despite these defences, Ledger discovered another potential weakness in Trezor’s two-chip design. The microcontroller remained a vulnerability, as Ledger bypassed the firmware integrity check to detect unauthorized software modifications.
Trezor has resolved the issue but has not provided specific details on the fix. The company reassured users on X that their funds remain safe and that no action is required. When asked if the flaw was patched via a firmware update, Trezor responded, “Unfortunately not.”
“In cybersecurity, the golden rule is simple: nothing is fully unbreakable,”
Trezor stated.
“That’s why we have already implemented a multi-layer defense against supply chain attacks and always advise our users to purchase from official sources.”
Meanwhile, Ledger faced an ordeal earlier this year when co-founder David Balland was kidnapped in France. According to the Paris prosecutor’s office, Balland was abducted from his home in central France in the early hours of January 21. The kidnappers held him captive for more than a day and demanded a ransom in cryptocurrency. Law enforcement launched a nighttime operation on January 22, successfully securing his release.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
