Cybersecurity firm claims it hacked seed phrase from a Trezor T hardware wallet in possession

Quick Take

  • Unciphered, a cybersecurity firm, claims to have hacked into the popular Trezor T model hardware crypto wallet manufactured by Satoshi Labs.
  • The firm showcased in a video the extraction of the wallet’s seed phrase, exploiting a hardware vulnerability that requires physical possession of the device.

Cybersecurity startup Unciphered claims it was able to hack into the popular Trezor T model hardware crypto wallet manufactured by Satoshi Labs.

In a YouTube demonstration, Unciphered showcased the apparent extraction of the wallet’s mnemonic seed phrase, or private key, exploiting a hardware vulnerability that relies on physical possession of the device.

This is not the first time Unciphered has seemingly managed to retrieve seed phrases from hardware wallets. In February, the company demonstrated a similar hack on a wallet manufactured by Hong Kong-based OneKey.

Hardware wallets, which store private keys offline and are designed to protect crypto assets, are generally considered highly secure. Unciphered said, however, that the hardware security mechanisms of the Trezor T model can be theoretically bypassed if a hacker had a T wallet in possession.

The type of exploit depicted by Unciphered would only be feasible if the attacker had physical access to the hardware wallet.

In the video, the Unciphered team said it developed an “in-house exploit” that allowed them to extract the wallet’s firmware. Eric Michaud, co-founder of Unciphered, claimed that by leveraging specialized GPU chips, they were eventually able to crack the device’s pin seed phrase.

“We uploaded the firmware we extracted onto our high-performance computing cracking clusters," Michaud explained in the video. "We have about 10 GPUs, and after some time, we extracted the keys.”


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Michaud further claimed that fixing this exploit for Trezor T would require a recall of all their products.

Trezor's Response

Trezor acknowledged that Unciphered’s demonstration had similarities with the Read Protection Downgrade (RDP) vulnerability discovered by Kraken Security Labs researchers that affected both the Trezor One and Trezor Model T. This implies that the vulnerability is not new.

"This appears to be a vulnerability called an RDP downgrade attack and as communicated on our blog in early 2020, RDP downgrade attacks require physical theft of a device and extremely sophisticated technological knowledge and advanced equipment," Trezor's chief technology officer Tomáš Sušánka said. "Even with the above, Trezors can be protected by a strong passphrase, which adds another layer of security that renders a RDP downgrade useless.”

Trezor added that it has taken significant steps to resolve the issue in future by developing a new secure element for hardware wallets with its sister firm, Tropic Square.

This story has been updated with a comment from Trezor.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]


To contact the editor of this story:
Nathan Crooks at
[email protected]