Unciphered, a Crypto Security Company, Claims to Be Able to Physically Hack Into Trezor T Wallets

Published on:

Last Updated on May 25, 2023 by Bitfinsider

An organization of cybersecurity experts that specializes in retrieving lost or stolen cryptocurrency claims to have discovered a technique to get into the well-known Trezor T hardware wallet once they have it in their possession.

In a lengthy series of discussions and emails, Unciphered explained that it used a “unpatchable hardware vulnerability with the STM32 chip that allows us to dump the embedded flash and one-time programmable (OTP) data.”

All of it is fairly complicated, but the team was able to successfully hack into a Trezor T wallet and recover the seed phrase and pin in a laboratory demonstration that was captured on camera. Unciphered had already breached the EthereumWallet and retrieved crypto that had been locked up, while stating on their website that they “do support every wallet in the market.”

While noting that it appeared to be a “RDP downgrade attack,” which was openly identified as a concern three years ago, Trezor informed CoinDesk that its team lacked sufficient information about the precise attack Unciphered carried out to effectively respond.

Even though RDP downgrade attacks “require physical theft of a device, extremely sophisticated technological knowledge, and advanced equipment,” as stated on our blog in early 2020, a press representative for the manufacturer of hardware wallets claimed they were not aware of any attempts by Unciphered to get in touch directly.

Even with the aforementioned security measures, Trezor continued, “Trezors can be protected by a strong passphrase, adding yet another layer of security that makes an RDP downgrade useless.”

Due to the recent public criticism against rival manufacturer Ledger over its planned optional “recovery option,” which outraged some users who had assumed the device to be totally isolated, hardware wallets are suddenly in the spotlight. Since Sam Bankman-Fried’s FTX exchange collapsed last year, several seasoned crypto security experts have suggested hardware wallets as a safer alternative to maintaining assets on exchanges. However, the most recent information reveals that the devices aren’t completely secure either.

Unciphered stated that it would not confirm or deny if its breach of the Trezor T would be regarded as an RDP downgrade, citing “current engagements and non-disclosure agreements” that prevent further explanation of “how this exploit chain works at this time.”

Furthermore, until mitigations like a new chip are used instead of the STM32 now in use, any technical disclosure might potentially put Satoshilabs customers at danger, according to Unciphered.

Despite being aware of the STM32 chip vulnerability in the Trezor T model, Unciphered noted that Trezor has not taken any action to address it since making the initial effort to make the issue known.

Unciphered stated in an email that “the fact remains that they are trying to put the responsibility of securing their device on the customer through this article rather than taking the responsibility of admitting that their device is fundamentally insecure.”

Contrary to Unciphered’s assertions, Trezor has already made a significant contribution to the problem’s solution with the creation of the first globally auditable and transparent secure element through sibling business Tropic Square.


Hardware wallets are safe and secure devices that can be used offline. They keep your cryptocurrency offline, making it impossible for you to be hacked. To find out more on the leading hardware wallets, you may view our reviews here: Ledger & Trezor
Disclaimer: The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, legal, tax or other advice. Investing in or trading cryptocurrency or stocks comes with a risk of financial loss.

Related