EUCLEAK Impact on Hardware Wallet Security

Recent research by Thomas Roche from NinjaLab has uncovered a vulnerability that has lurked in secure devices for over 14 years.
The vulnerability affects many products, from electronic passports to the YubiKey 5 and hardware wallets like the Trezor V3, which uses the Infineon SLE78 chip.
The EUCLEAK attack allows for extracting private keys from the secure chip in these devices if an attacker has physical access for just five minutes and can use the device to generate signatures. However, executing the attack requires opening the device’s case and advanced equipment valued at around $10,000.

Side-Channel Attack Impact on Different Devices

While this vulnerability is alarming, the practical impact varies depending on the device type.

  • Hardware Wallets (e.g., Trezor V3): Although vulnerable, the device must sign a message for the attack to succeed, which makes the attack harder to pull off unless the attacker already has the PIN. Anyone with access to the wallet and the PIN can empty it quickly.
  • FIDO 2FA Devices (e.g., YubiKey): The attack is more feasible for FIDO 2FA devices. These don’t require a PIN or biometric data, making the process easier for an attacker.

Attestation

The implications for secure attestation protocols are particularly noteworthy, especially in less common but critical setups.
An attacker exploiting this vulnerability could simulate a secure device, undermining protocols that depend on device integrity.
Attestation, a feature not widely understood, ensures the integrity of systems and products by verifying their authenticity, such as a hardware wallet’s anti-counterfeit checks or HSMs in decentralized federations (i.e., multi-sig wallets where members are not trusted).
In both scenarios, the attackers are likely insiders or untrusted device custodians, making the attack more realistic. The attack becomes more feasible when the attacker has access to a device long enough to disassemble and reassemble it unnoticed and can generate signatures while monitoring it.

Multi-sig Federations

Compromised attestation is especially concerning for multi-sig federations, like blockchain bridges, where attackers could pose as legitimate members using compromised hardware security modules (HSMs). If enough federation members are compromised, they could steal significant funds.

Hardware Wallet Genuineness

Additionally, the HSMs used to sign hardware wallet chips at manufacturing could be compromised to extract the root key. With this trusted key, attackers can produce counterfeit devices that bypass authenticity checks.

Authentication Device Enforcement

This vulnerability must be evaluated by organizations that enforce the use of specific secure devices like YubiKeys for authentication. Many organizations rely on device attestation to ensure employees only use trusted hardware. If attackers can create fraudulent YubiKeys or duplicate signing keys, they could bypass these checks, undermining security policies and allowing unauthorized access with counterfeit devices.