Cryptocurrency security firm Unciphered has publicly demonstrated a hardware-level exploit capable of extracting seed phrases from the Trezor T hardware wallet, sending ripples through the crypto community at a time when hardware wallet security is already under intense scrutiny. The demonstration, posted on May 25, 2023, raises critical questions about the physical security assumptions that millions of cryptocurrency holders rely upon to protect their digital assets.
The Exploit Mechanics
The attack, showcased in a video by Unciphered co-founder Eric Michaud, involves physically dismantling the Trezor T device to access its internal components. The exploit targets the STM32 microcontroller chip at the heart of the Trezor T hardware. By connecting specialized equipment directly to the chip after opening the device casing, Unciphered was able to bypass the wallet’s firmware-level protections and extract the stored seed phrase directly from the hardware.
What makes this exploit particularly alarming is its permanence. Michaud stated unequivocally that the vulnerability is “unfixable with firmware updates.” Unlike software vulnerabilities that can be patched through over-the-air updates, this is a fundamental hardware limitation of the STM32 chip itself. The only comprehensive fix would require Satoshi Labs, Trezor’s parent company, to recall all affected products and replace them with devices incorporating a different chip architecture — a step Michaud acknowledged the company is unlikely to take.
The exploit bears resemblance to an RDP (Readout Protection) downgrade attack, a known class of vulnerabilities in ARM-based microcontrollers. However, Unciphered claims their method differs from previously disclosed attacks that Trezor patched in 2019, stating that the old attack vector was addressed but the underlying hardware vulnerability remains exploitable through alternative techniques.
Affected Systems
The Trezor T, manufactured by Satoshi Labs, is one of the most widely used hardware wallets in the cryptocurrency ecosystem. With Bitcoin trading at approximately $26,476 and Ethereum at $1,806 on the date of the disclosure, the potential value at risk for affected users is substantial. Any Trezor T device that falls into physical possession of an attacker could theoretically be compromised using this technique.
Trezor responded to the demonstration by characterizing the attack as similar to a known RDP downgrade method. The company emphasized that executing the exploit requires physical theft of the device, extreme technical knowledge, and advanced laboratory equipment — significantly raising the bar for potential attackers. The attack cannot be performed remotely and does not affect devices that remain in their owners’ possession.
Notably, the Trezor T used in Unciphered’s demonstration was provided by CoinDesk, following extensive conversations about the supposedly unpatchable nature of the vulnerability. This independent verification lends additional credibility to Unciphered’s claims.
The Mitigation Strategy
Trezor has been aware of the physical attack surface presented by the STM32 chip and has been working on a long-term solution through its sister company, Tropic Square. This subsidiary is developing the world’s first auditable and transparent secure element chip, which would fundamentally address the hardware vulnerability class exploited by Unciphered. However, this custom chip remains in the prototype testing phase and is not yet available in consumer devices.
In the meantime, Trezor users can mitigate risk through several practical measures. Enabling the device’s passphrase feature adds a 25th word to the seed phrase that is never stored on the device itself, meaning that even a successful physical extraction of the 24-word seed would not grant access to funds protected by the passphrase. Additionally, physical security of the device remains the primary defense — keeping the hardware wallet in a secure location and being aware of who has physical access to it.
The broader hardware wallet industry is also responding. The controversy has prompted renewed interest in devices that incorporate dedicated secure elements, such as those from Ledger and Coldcard, although each approach carries its own tradeoffs between security and openness.
Lessons Learned
The Unciphered disclosure underscores a fundamental tension in hardware wallet design: the balance between open-source transparency and physical security. Trezor’s fully open-source approach allows independent security researchers to audit every component of the system, which is a significant advantage for trust verification. However, the use of a standard microcontroller without a dedicated secure element creates an attack surface that determined adversaries with physical access can exploit.
This incident also highlights the importance of layered security. No single measure provides complete protection. The combination of physical device security, passphrase protection, and operational security practices creates a defense-in-depth approach that significantly raises the cost and complexity of any attack.
For the cryptocurrency community, the timing of this disclosure is particularly significant. It coincides with the ongoing controversy surrounding Ledger’s Recover feature, which has already shaken user confidence in hardware wallet providers. Together, these events are driving a broader conversation about what users should expect from their security hardware and how the industry can better protect end users.
User Action Required
Trezor T owners should take immediate steps to evaluate their security posture. First, enable the passphrase feature if not already active — this provides critical protection even if the seed phrase is physically extracted. Second, ensure the physical security of the device by storing it in a location where unauthorized access is prevented. Third, consider whether the threat model of physical theft is relevant to your situation; for most individual users, the risk remains low given the specialized equipment and expertise required. Finally, stay informed about Trezor’s development of the Tropic Square secure element, which represents the company’s long-term hardware solution to this class of vulnerabilities. The cryptocurrency security landscape continues to evolve, and vigilance remains the strongest defense.
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research before making decisions about cryptocurrency security.
the STM32 vulnerability has been known in hardware circles for years, unciphered just made it public. still scary stuff if someone gets physical access to your device
agreed, the physical access part is key though. if someone has your device in hand you have bigger problems than firmware
known in hardware circles but trezor never acknowledged it publicly until unciphered forced their hand
unfixable with firmware updates is the part that should worry everyone. means every trezor T ever made has this flaw forever
unfixable means every Trezor T ever sold is vulnerable. physical access argument is fine until customs or mugging scenarios enter the chat
customs seizure is the real threat model. border agents can hold your device for hours, plenty of time for the exploit
STM32 chips are in thousands of devices beyond crypto wallets. this exploit class is bigger than just Trezor
passphrase users are fine though. even with the seed extracted, without the passphrase the attacker gets an empty wallet