BlockThreat - Week 27, 2019

Another quiet week with just a couple of news on critical vulnerabilities in Trezor hardware wallets and Monero. If you are planning to go to Defcon this year, stop by the Blockchain Village for plenty of talks on the blockchain security topics.

Bugs:

• Unfixable Seed Extraction on Trezor - A practical and reliable attack - a critical and unpatchable flaw was found in the Trezor family of hardware wallets which allows a technically sophisticated attacker to extract the master seed. The attack requires physical access to the device. The vulnerability is partially mitigated if a separate strong passphrase is set on top of the master seed to generate HD wallet keys. Trezor wallet team has stated that they were aware of the risk since the design phase.
• Monero security flaw could’ve seen XMR stolen from cryptocurrency exchanges - nine security vulnerabilities were disclosed as part of Monero’s bug bounty program including multiple DoS vulnerabilities and a critical flaw that could trick monero-wallet into thinking that it received arbitrary amount of XMR.

Events:

• Defcon 27 - Blockchain Village - CFP was announced for the upcoming blockchain village with the theme “Blockchain for Security” and “Security for Blockchain”.
• Breaking Bitcoin Training - additional training videos were released from the blockchain security conference last month.

This wraps it up for the quick update in the world of blockchain threat intelligence.