Understanding Hardware Wallet Vulnerabilities
Ledgers and Trezors are incredibly secure, but they are not invincible. We explore the physical attack vectors and how we extract data from damaged devices.
GeoHotz Threat Research
Security Advisory Team
The Physical Threat Model
Hardware wallets store your private keys in an isolated microchip, making them immune to online hacking. However, if an attacker gains physical possession of the device, the threat model changes entirely.
Advanced adversaries can use techniques like voltage glitching or electromagnetic fault injection to confuse the microchip into bypassing its PIN lock. While extremely difficult and requiring a physical laboratory, these attacks prove that physical security of the device is just as important as digital security.
Data Recovery from Destroyed Devices
What happens when your hardware wallet is crushed, burned, or submerged in water? The secure element chip inside is highly resilient. If the owner has lost their seed phrase but still possesses the damaged device, all hope is not lost.
In our clean-room laboratory, we use micro-soldering to carefully extract the secure element from the destroyed logic board. We then transplant this chip onto a donor board, allowing us to power up the device, enter the user's known PIN, and safely extract the private keys.
About GeoHotz Threat Research
Our elite team of reverse-engineers and security analysts publish weekly advisories on emerging threats, blockchain exploits, and extortion defense strategies. We monitor the dark web so our clients do not become statistics.