Opinion by: Igor Zemtsov, chief technology officer at TBCC
Crypto security is a ticking time bomb. Updatable firmware might just be the match that lights the fuse.
Hardware wallets have become the holy grail of self-custody, the ultimate safeguard against hackers, scammers and even government overreach. There’s an inconvenient truth, however, that most people ignore: Firmware updates aren’t just security patches.
They’re potential backdoors, waiting for someone — whether a hacker, a rogue developer or a shady third party — to kick them wide open.
Every time a hardware wallet maker pushes an update, users are forced to make a choice. Hit that update button and hope for the best, or refuse to update and risk using outdated software with unknown vulnerabilities. Either way, it’s a gamble.
In crypto, a bad gamble can mean waking up to an empty wallet.
Firmware updates aren’t always your friend
Updating firmware sounds like common sense. More security! Fewer bugs! Better user experience!
Here’s the thing: Every update is also an opportunity not just for the wallet provider but for anyone with the power, or motivation, to tamper with the process.
Hackers dream of firmware vulnerabilities. A rushed or poorly audited update can introduce tiny, almost imperceptible flaws — ones that sit in the background, waiting for the right moment to drain funds. And the best part? Users will never know what hit them.
Then there’s the more unsettling possibility: deliberate backdoors.
Tech companies have been forced to include government-mandated surveillance tools before. What makes anyone think hardware wallet makers are exempt? If a regulatory agency — or worse, a criminal organization — wants access to private keys, firmware updates are the perfect attack vector. One hidden function. One disguised line of code.
That’s all it takes. Still think firmware updates are harmless?
Firmware vulnerabilities are already being exploited
This isn’t some far-fetched, doomsday scenario. It has already happened.
Ledger, one of the biggest names in crypto security, had a major security crisis in 2018 when security researcher Saleem Rashid exposed a vulnerability that allowed attackers to replace Ledger Nano S firmware and hijack private keys. Nearly 1 million devices were at risk before a fix was rolled out. The scary part? There was no way for users to know if their devices had already been compromised.
In 2023, OneKey suffered a similar nightmare. White hat hackers demonstrated that its firmware could be cracked in mere seconds. No crypto was lost — this time. But what if real attackers had found the flaw first?
Then came the “Dark Skippy” exploit, taking firmware-based attacks to an entirely new level. With just two signed transactions, hackers could extract a user’s entire seed phrase — without setting off a single alarm. If firmware updates can be manipulated this easily, how can anyone be sure their assets are safe?
The hidden cost of updatable firmware
To be fair, not all firmware updates are security disasters. Ledger uses a proprietary operating system and secure element chips for added protection now. Trezor takes an open-source approach, allowing the community to scrutinize its firmware. Coldcard and BitBox02 give users manual control over updates, reducing — but not eliminating — risk.
Here’s the real question: Can users ever be 100% sure that an update won’t introduce a fatal flaw?
Some wallets have decided to eliminate the risk altogether. Tangem ships with fixed, non-updatable firmware, meaning that its code can never be altered once the device leaves the factory. No updates. No patches.
Of course, this approach has its trade-offs. If a vulnerability is discovered, there’s no way to fix it. But in security, predictability matters.
Real crypto security means taking back control
The crypto market was worth $2.79 trillion as of March 2025. With that much money on the table, cybercriminals, rogue insiders and overreaching governments are always looking for weak points. Hardware wallet makers should be laser-focused on security.
Choosing a hardware wallet shouldn’t feel like gambling with private keys. It shouldn’t involve blind trust in a corporation’s ability to push updates responsibly. Users deserve more than vague reassurances. They deserve security models that put control where it belongs — with them.
Security isn’t about convenience. It’s about control. Any system that requires trusting unknown developers, opaque update processes or firmware that can be changed at will? That’s not control. That’s a liability.
The only real way to keep a hardware wallet safe? Remove the guesswork. Strip away the blind trust. Always research the developers’ backgrounds, check their track record for security incidents, and see how they’ve handled past vulnerabilities. Stick to verifiable facts — security should never be based on assumptions.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.