One of the main characteristics of Blockchain technology, and probably the one it is best known for, is due to its reputation for being unlocking. However, although blockchains are effectively impossible to manipulate. The story is different when it comes to the products created thanks to them. Therefore, even a cold wallet can be hacked if we do not take the necessary precautions.
The unreachability of the Blockchain
One of the great confusions existing in the crypto world, is one that mixes Blockchain technology that protects cryptocurrencies, with the security of them. Well, the existence of blockchains effectively guarantees that cryptocurrency registries, like Bitcoin, are not modified by any actor.
However, this does not mean that it is impossible that a malicious third party can break our security, and reach our cryptocurrencies. Especially if we don’t have a sufficient level of security in our wallets to defend against these cyber attacks.
And it is that, if a person manages to decipher our access codes and enters our wallet. There is no way to prevent it from sending our cryptocurrencies to the address they prefer. For this reason, there are different types of wallet that combine different security levels.
Being the safest type of wallet on the market, calls cold wallets. Which consist of devices not connected to the internet, usually external memories, such as a USB stick, but may also be a simple QR code printed on paper. And since they are not online, they could not be attacked by hackers of any kind. Reason why they are considered impenetrable methods for safeguarding crypto assets.
A hacked cold wallet
However, and as evidenced by studies carried out by the Ledger company, which produces different wallet models itself. A cold wallet can be hacked if the right tools are used to exploit certain vulnerabilities. Like the ones discovered in Shapeshift’s KeepKey and Coinkite’s Coldcard Mk2.
In the case of KeepKey, the Ledger researchers took advantage of the variations in the voltages consumed by the memory chip of the cold wallet. Relating each variation of chip voltage with a data entered in the password of the wallet. So, with some time and adequate technological resources, they were able to break the security of this cold wallet.
For its part, with Coldcard Mk2 the story was more complicated. In this case, the objective of the Ledger team was to break the protection of the wallet that limits the number of attempts to crack the password of the wallet. To do this, they used a “flaw injection attack”, deactivating the limit of attempts to enter the password. From there, they simply used a common password guessing program to enter the cold wallet.
Although the two companies work to solve these failures in their security. They are a reminder to the crypto community that even if we have a cold wallet. And let’s consider it extremely safe to protect our assets. Our hardware must be taken care of so that it does not fall into the hands of third parties. Which, with enough time and resources, will surely hack our wallet and take away our money.