Donjon, a security research team behind the Ledger cryptocurrency wallet, has successfully compromised rivaling Coldcard Mk2 by targeting it with a high-powered laser.
This incredibly complicated ‘fault infection attack’ makes it possible to extract the PIN and get access to the wallet’s funds.
The attack is very costly
How worried should Coldcard Mk2 owners be? Probably, not too much.
Apart from gaining physical access to the device, bad actors would need to get their hands on expensive equipment that costs nearly $200,000 and have the wits to perform an incredibly complex operation.
In its response to the study, Coinkite, the hardware manufacturer behind the laser-hit wallet, lauded the Donjon team for publishing an ‘amazing’ report.
However, the company noted that the vulnerability doesn’t pertain to Mk3 Coldcard, its latest-generation product that has been on the market since 2019.
Fundamental changes were made between mark 2 and 3, long before Ledger reported them.
More of Ledger’s findings
The researches also explained how ShapeShift’s wallet KeepKey can be hacked decoding its voltage outputs. ShapeShift has already made it more difficult for hackers to exploit the vulnerability.
As reported by U.Today, Kraken Security Labs also detected a similar flaw Trezor T and Trezor One -- the microcontrollers of these wallets could be attacked with the help of voltage glitching.
Ledger, the leading name on the hardware wallet market, has an incentive to find weaknesses in the products of its direct competitors, but the company claims that Donjon researchers mainly attack their own wallets.