TREZOR, which has a reputation for being one of the safest hardware wallets available, said the vulnerability affects only versions of its hardware “lower than 1.5.2.”
Although specific technical details are unavailable, SatoshiLabs has sought to reassure users that only physical theft would present an opportunity for malicious actors to potentially compromise devices.
“It is important to note that this is not a remote execution attack,” the email to customers explains, which is available as a blog post here.
“To exploit this issue, an attacker would need physical access to a disassembled TREZOR device with uncovered electronics. It is impossible to do this without destroying the plastic case.”
It continued that “coins are safe” provided devices are kept within reach of their owners.
While more information is to circulate “in the coming days,” TREZOR added, various theories are already surfacing on social media as to the nature and severity of the vulnerability.
“Trezor so far greatly downplays the importance of this hack,” a Medium post claiming to have instructions for how to compromise 1.5.2 devices reads.
“There is no long-term access needed to copy all your secret information from Trezor using this hack; it can be done just in 15 seconds.”