Posts

  • Breaking the Ledger Security Model

    In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.

  • Multi-signature hardware wallets with Electrum

    Hardware wallets are useful but they’re not a panacea. Vulnerabilities have been found in them before and will continue to be found. If you use a single hardware wallet, your private keys could be extracted if it is stolen. Worse still, a remote access vulnerability could be found.

  • Extracting TREZOR Secrets from SRAM

    This is my independent write-up of a vulnerability reported to SatoshiLabs by an anonymous researcher.