Crypto hardware wallets using ESP32 chip at risk of private key theft: report
Researchers have warned of a new vulnerability affecting certain crypto hardware wallets that allows attackers to secretly sign unauthorized Bitcoin transactions and steal private keys.
Crypto wallets using the China-made ESP32 chip, a widely used microcontroller designed for embedded systems and connected devices, are at risk, according to cybersecurity firm Crypto Deep Tech, which described a major vulnerability in a recent report.
Often deployed in critical environments and used in hardware wallets such as Blockstream Jade and open-source projects such as Bowser and Colibri, these chips often act as bridges to sensitive networks or store cryptographic credentials, which makes the vulnerability particularly severe.
According to the researchers, attackers can use the chip's Bluetooth and Wi-Fi connectivity to inject malicious module updates, gain low-level access and extract sensitive wallet data such as private keys.
The chip suffers from multiple vulnerabilities, including a weak random number generator that makes Bitcoin private keys dangerously predictable, and broken validation checks that allow the use of invalid or low-value keys.
Electrum-based wallets are particularly vulnerable, because the chip's flawed hashing logic lets attackers exploit non-BIP-137 message formatting and generate forged ECDSA signatures that validate as real Bitcoin transactions.
What makes this vulnerability particularly concerning for crypto users is its stealthy execution. In a real-world test case, Crypto Deep Tech researchers were able to use the vulnerability to bypass normal security checks, recover a private key and access a live Bitcoin wallet containing 10 BTC without alerting the user at any point.
The risks are not limited to cryptocurrency wallets. The vulnerability opens the door to large-scale supply chain attacks, state-level espionage and coordinated theft campaigns targeting any network where ESP32-powered devices are used.
To mitigate the threat, the researchers advised using trusted devices, keeping Bitcoin software up to date and relying on secure cryptographic libraries to avoid risks such as key theft and transaction forgery.
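The invalid and low-value keys mentioned earlier are the kind of input a sound library rejects before signing. The following Python sketch is an added example, not code from the report or from any wallet project: it range-checks secp256k1 private keys, flags repeated keys in a batch, and checks that a public point lies on the curve. The 128-bit floor, the function names and the sample keys are assumptions made for illustration.

```python
"""Added example: reject invalid or low-value secp256k1 private keys."""
P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
MIN_KEY_BITS = 128  # assumed policy threshold, not taken from the report


def check_private_key(raw: bytes) -> str:
    """Return 'ok' or the reason a candidate 32-byte scalar is rejected."""
    if len(raw) != 32:
        return "bad-length"
    k = int.from_bytes(raw, "big")
    if k == 0 or k >= N:
        return "out-of-range"  # not a valid scalar for this curve
    if k.bit_length() < MIN_KEY_BITS:
        return "low-value"  # a sound RNG lands here with negligible probability
    return "ok"


def is_on_curve(x: int, y: int) -> bool:
    """True if (x, y) satisfies y^2 = x^3 + 7 over the secp256k1 field."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - pow(x, 3, P) - 7) % P == 0


def audit_batch(keys):
    """Return {index: reason} for each rejected key; repeats count as failures."""
    seen, findings = set(), {}
    for i, raw in enumerate(keys):
        reason = check_private_key(raw)
        if reason == "ok" and raw in seen:
            reason = "duplicate"  # identical output twice points at a broken RNG
        seen.add(raw)
        if reason != "ok":
            findings[i] = reason
    return findings


# Constructed sample inputs, not real wallet keys.
GOOD = bytes.fromhex("c0ffee" + "11" * 29)
SAMPLES = [bytes(32), N.to_bytes(32, "big"), (1).to_bytes(32, "big"), GOOD, GOOD]

if __name__ == "__main__":
    print(audit_batch(SAMPLES))
    print(is_on_curve(GX, GY))
```

These checks catch malformed keys and exact repeats only; a generator that is predictable but produces distinct, full-width values passes them, so the entropy source still has to be verified separately.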
Although considered a secure alternative to software wallets, which are often exploited, hardware wallets have vulnerabilities that remain a serious concern for crypto enthusiasts.
Last month, researchers from Ledger Donjon found that the latest Safe models from hardware wallet maker Trezor still rely on a general-purpose microcontroller that is vulnerable to physical attacks.
Despite a certified secure element for secret storage, the STM32-based chip used in Trezor devices could be exploited through voltage glitching, an attack that can be carried out entirely in software and is almost impossible to detect.