Hardware Wallet Risks: Why The Brain Of Hardware Wallets Is Actually Their Biggest Weakness (2023)

We all know that you should store your Private Keys on a dedicated Hardware Wallet. Millions of people world wide trust them to keep their bitcoin safe and for good reason, they work. No one should be storing their keys on a post it note, in their iCloud account (even if it’s encrypted) or on their horrifically malware infested computer and don’t even get us started on storing it on your phone!

However many of the top trusted Hardware Wallets such as Trezor, Ledger and COLDCARD all use the same hardware chips in them. This has caused centralization and a significant risk as there could be back doors secretly built into those chips that could compromise millions of wallets in an instant. For those with pocket money or savings account level of funds, this isn’t a huge deal.

But for the class we call Experts, the ones that hold significant investment funds in Bitcoin, it’s important to know about these Hardware Wallet risks. So today we’re going to look into this in more detail and outline what you should be doing to protect yourself.

Anatomy Of Hardware Wallets

To begin with we need to quickly outline two key parts of most Hardware Wallets:

• Microcontrol Unit (MCU): This acts as the “brain” of the device and is like a normal computers CPU. It connects with other parts of the device like the screen, USB, a Bluetooth radio or maybe a camera. It’s main design goal is bang for buck compute and while it may have some security features built into it… that’s not its main focus
• Secure Element (SE): This acts like a bank vault. A special place that’s only used to store secrets like passwords or private keys. It’s specifically built to withstand sophisticated, in person physical attacks such as attackers injecting weird voltages into it or even delidding the chip with freaking lasers

While Secure Elements sound like a fantastic place to store something like a Mnemonic Sentence (your 12 or 24 words), they’re also closed source, proprietary chips that cannot be openly verified due to NDAs the manufacturers force everyone to sign. So if you want your Hardware Wallet to be entirely FOSS (Free and Open Source Software), you can’t use them. For the rest of this piece we’ll be focusing on the MCU (and no, not that MCU).

Which MCU Does Your Hardware Wallet Use?

While Hardware Wallets are of course very different from one vendor to another, most of them need to perform similar tasks at the end of the day. They need displays to show the user information, buttons to navigate, power management hardware, Random Number Generators (RNG) and so on.

As you can imagine, there’s only so many manufacturers that make MCU’s that meet all these requirements whilst also being the right size, the right price, are reliable and so on. This means there’s only a few chip types out there to use. So which MCU does your Hardware Wallet use? It’s probably the STM32.

• Trezor: The Bill of Materials for their One and Model T devices both list the STM32
• Ledger: Their website states that their products use the STM32
• Coinkite: Their website states that the COLDCARD Mk4 uses the ​​STM32L4S5VIT6
• Foundation: Their Bill of Materials for their Passport device uses the STM32H753

As you can see, many of the top Hardware Wallets out there all use the same STM32 microcontroller, which becomes a problem because now you have the vast majority of Hardware Wallets all using the same product from the same manufacture: STMicroelectronics.

STMicroelectronics is a Dutch multinational corporation and technology company of French-Italian origin headquartered in Plan-les-Ouates near Geneva, Switzerland and listed on the French stock market. The company resulted from the merger of two government-owned semiconductor companies in 1987: Thomson Semiconducteurs of France and SGS Microelettronica of Italy.

Wikipedia

This is centralization and it’s bad because when something that’s critical to security is big and centralized, it can be compromised far more easily than if it’s decentralized over thousands and thousands of other smaller things. To make matters worse, STMicroelectronics was formally owned by two governments! So if the French, Italian or any other government wanted to insert a back door into the STM32 chip, it likely wouldn’t be too hard a thing to line up.

Compromises Have Happened Before

At this point you might be thinking that maybe all this “government spying on you” stuff sounds like a bunch of tin foil hat wearing, crazy conspiracy type thinking and you’re right. It is crazy. But. That doesn’t mean it hasn’t happened before… multiple times.

There’s been multiple programs that have been publicly exposed outlining the extraordinary lengths departments like the CIA or NSA will go to. From global monitoring programs like PRISM or MUSCULAR to the CIA literally buying companies like Crypto AG to spy on governments all over the world it’s clear that nothing is off bounds. Plus you know it’s not just America that’s doing this, it’s everyone.

But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.

Washington Post

Now it’s unlikely that the CIA or NSA is specifically after your precious bitcoins this is true, but when inserting back doors or going to the lengths these agencies go to there isn’t really room to “make sure it only gets the baddies”. It’s entirely possible that you and many others simply become a casualty of war or that the back doors they’ve put in place become public knowledge somehow and are exploited by others. Worse, they could be discovered and kept secret by criminals!

Regardless it’s clear that there is significant centralization of Hardware Wallet MCUs and that it’s highly likely governments around the world have the capability to covertly insert back doors, foreign code or simply force STMicroelectronics to alter their products without disclosing it to anyone. So what might this look like in reality?

One potential threat model has been raised by BitBox (makers of the BitBox02 Hardware Wallet) which they’ve called the Anti-Klepto attack:

When you Send A Bitcoin transaction, your wallet needs to create a signature. To create a signature, the wallet has to generate a random number, also called a “nonce”, which should be completely random and only used once. A malicious (hardware) wallet can manipulate these nonces so that transactions can contain arbitrary data, such as parts of the seed. That means that the transaction it creates contains a hidden secret.

BitBox

Essentially the compromised Hardware Wallet slowly leaks information about your private key inside the very transactions that get broadcast to the Bitcoin network. After “a few dozen” transactions, the attackers can look at the public Blockchain, piece together these bits of information and reconstruct your private key. Poof. There goes all your bitcoins.

For now it’s important to note there are other Hardware Wallets out there that don’t use the STM32:

• BitBox: Their website states that the BitBox02 uses ATSAMD51J20A
• Blockstream: The Bill of Materials for their Jade device lists the ESP32
• Keystone: The Bill of Materials for their 3 Pro device lists the MH1903-BGA169

While these ones obviously won’t suffer from any back doors that may or may not be in the STM32, who’s to say that would be governments or other bad actors haven’t infiltrated these MCU chips as well? Going even further there’s many places in the chain where compromises can happen:

• Chip Manufacturers: MCU or SE manufacturers can be forced by governments to insert back doors or even add special extra hidden hardware into the physical chip as discussed already
• Hardware Wallet Manufacturers: Companies like Ledger or Trezor could intentionally or via rouge employees insert back doors or otherwise compromise the hardware in some way
• Shipping: Once the Hardware Wallet has left the manufacturer, it can be intercepted and tampered with or replaced entirely by governments, rouge employees or other criminals

Going beyond the Hardware Wallet there’s also a number of other privacy issues that need to be taken into consideration too. We have a great beginners piece on Bitcoin Privacy where we go through many of the steps all Bitcoiners should be following, but it’s clear both security and privacy aren’t just simple matters that can be completely solved by buying one device.

What About General Purpose Hardware?

All this sounds very doom and gloom and has led many to suggest that the best way is to simply not use custom hardware for Hardware Wallets and instead make your own via General Purpose Hardware (GPHW). General purpose hardware is just a fancy name for things like a laptop or a Raspberry Pi. It’s a device that’s made for doing “any” compute task just like your laptop is.

These setups are usually all open source hardware and firmware and involve you going to a shop and buying a Raspberry Pi Zero or using an old laptop to DIY your own solution. You get the hardware, build it, then flash on the OS via a microSD card. There are fantastic projects like SeedSigner or even just using the Electrum wallet which is built right into the very secure Tails Linux OS which you can run on any laptop.

The thinking is that if the hardware is built for a general purpose, then no one can know you’re using it specifically as a Hardware Wallet. There are other problems with this though such as:

• No Secure Element: As there’s no SE, the device is much more susceptible to physical attacks if anyone ever gets their hands on it
• May Still Have Back Doors: Even though they don’t have a specific MCU in them, the general purpose hardware may still have back doors in it. This is because there are only a few number of CPU types out there, such as Intel, AMD or Arm. It’s also likely that it suffers from one of the many, many zero day bugs that are out there for these types of systems. Being a more complex device means they’ll also have a larger attack surface areas to exploit
• More Technical: While some might be fine with building their own SeedSigner from a Raspberry Pi Zero and flashing a custom firmware onto it… the vast majority can’t or won’t. Even if you’re technical enough to do this, you may unintentionally do something wrong or miss a critical step leaving your device vulnerable
• Host Device Compromised: As you need to flash an OS onto the Hardware Wallet you’re making, you need another (usually Internet connected) computer to do this. It’s possible that the OS image you’re flashing has been compromised or that the computer you’re using to do the flashing on has itself been compromised

How Can You Protect Yourself?

Sigh.

Right about now you’re probably thinking that this whole Hardware Wallet thing is just a giant absurd fiasco and that we should all just give up and go back to using Sea Shells as money. That’s understandable. Digital security is an exceptionally hard problem! So what’s the solution?

Well the best answer is that security is not about getting 100% perfect security. No system, no matter how good will ever be perfectly secure. Instead, real security experts know that the role of good security measures and systems is to create layers upon layers of protection around the thing you want secured.

These layers individually won’t stop an attacker, but together they will either stop them or at least slow them down enough so that you can intervene and do something in time before they’ve broken through and run off with all your funds.

Never trust someone that says their security is perfect. That’s a massive red flag!

Proper security is customized to your Threat Model and gives enough layers to ensure attackers are held off for long enough that you can take action. So how can you protect yourself the best? One widely accepted and top tier method is to, ironically, use all the Hardware Wallets. An Infinity Wallet if you will.

Using multiple Hardware Wallets all from different vendors and specifically using different MCU chip types together in a Multisig Wallet setup can be one potential solution. In this scenario you might have a 2-of-3 Multisig wallet that stores each of the 3 private keys on a Blockstream Jade, BitBox02 and COLDCARD Mk4 Hardware Wallet respectively.

This way, if all STM32 MCUs are somehow compromised and someone gets a hold of your private key on the COLDCARD Mk4, your funds would still be safe as the attackers only have 1 out of the required 2 keys.

To be very clear, this setup would be a bit more complex than a Multisig setup with all Hardware Wallets being from the same vendor, which itself is a bit more complex than a simple Single Signature Hardware Wallet setup. This increased complexity introduces the very real threat that you may mess something up and not be able to recover your funds when needed.

Security Is A Scale

While it’s obviously not the answer you want to hear, security is not absolute and instead comes on a scale with trade offs from one end to the other. Single Signature Hardware Wallets are much easier for most people with less things that can go wrong, but offer less security when it comes to things like the $5 Wrench Attack or the back door issues in the MCU we’ve been discussing.

Multisig wallets on the other hand can protect you against these security issues, but then introduce other potential pain points such as higher complexity which itself can lead to lost funds. This is why security experts always recommend you start by assessing your own personal Threat Model.

Understanding and building your own Thread Model is a very detailed piece in itself so we won’t go into it here, but hopefully this piece has opened your eyes to the fact that Hardware Wallets are not impenetrable fortresses. Hopefully it’s also made you realize that’s also OK.

FAQ