Posts

  • Breaking into the (Digital) BitBox

    In this post, I am going to discuss the security issues I discovered in a hardware wallet known as BitBox, formerly known as “Digital Bitbox”. It is important to note that I have not audited the device, and these issues were found from a preliminary look at the device.

  • Breaking the Ledger Security Model

    In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.

  • Multi-signature hardware wallets with Electrum

    Hardware wallets are useful but they’re not a panacea. Vulnerabilities have been found in them before and will continue to be found. If you use a single hardware wallet, your private keys could be extracted if it is stolen. Worse still, a remote access vulnerability could be found.

  • Extracting TREZOR Secrets from SRAM

    This is my independent write-up of a vulnerability reported to SatoshiLabs by an anonymous researcher.