Fix SegWit Vulnerability, Trezor’s firmware update will cause user funds to be locked
According to Decrypt’s report on June 5, Trezor, a bitcoin hardware wallet based in the Czech Republic, released a firmware update two days ago. This update is to address the potential threat of wallets using the Segwit protocol. Segwit is a bitcoin transaction that makes bitcoin transactions cheaper and has less data on the chain.
However, despite Trezor’s updated patch to the wallet, this vulnerability still caused a lot of problems for Trezor users, because these users rely on hardware wallets to interact with other Bitcoin-related software, such as the privacy-focused Wasabi wallet and BTCPay .
Although the vulnerability has been patched, Trezor users who update Trezor and use Wasabi or BTCPay will be locked in funds. Wasabi and BTCPay urge users to refrain from updating until the compatibility issue between Trezor’s firmware update and wallet software is resolved.
About three months ago, independent hacker Saleem Rashid discovered the vulnerability and disclosed it to major hardware wallet manufacturers including Trezor and Ledger. With the downloadable firmware update, Trezor has completely resolved this vulnerability.
Although the developer told Decrypt that this vulnerability is difficult to exploit, people still pay close attention to the dynamics of Trezor, because Trezor is very popular in the integrated functions of third-party wallets. For example, hardware wallets can be connected to the popular privacy wallets Wasabi and Bitcoin payment portal BTCPay Server.
According to hardware wallet and software wallet developers, whether this vulnerability is exploited depends on whether the user has opened the following attack vectors:
Bitcoin users running SegWit download specific malware from attackers. The victim then executes a transaction with two “inputs”: one input is 10 bitcoins and the other is 5.001 bitcoins, so the transaction is a total of 15 bitcoins and the fee is 0.0001 bitcoins. After confirming the transaction, users will encounter an error message asking them to sign again. At this time, the attacker can switch the transaction input, one input is 15 BTC, and the other input is 0.0001 bitcoin.
With this switch setting, the transaction fee becomes 15 bitcoins, and the transaction amount becomes 0.0001 bitcoins. However, to be successful, the attacker must have a mining machine, and the mining machine can also happen to dig out the block containing the transaction. In addition, the victim must execute a spend transaction with at least two inputs at a time, and download the miner’s malware. In other words, it is not easy to exploit this loophole.
NVK, a hardware wallet manufacturer who was not informed of the vulnerability, mentioned that the attack launched against the vulnerability is “not very serious,” but updating the hardware wallet may “break the interaction between the hardware wallet and other wallet software.”
Trezor said it made a simple fix to this vulnerability. Pavol Rusnak, CEO of Trezor, explained in a statement:
The solution is simple. We need to process these transactions in the same way as segwit transactions and non-segregated witness transactions. This includes the wallet checking and re-verifying all previous transactions before sending new transactions.
What problems will be brought about by fixing the vulnerability
Nevertheless, although Trezor can easily solve this problem, it does not mean that it completely solves the problem of relying on Trezor wallet to interact with other software.
For example, this patch (allowing SegWit wallet to check and re-verify old transactions) does not work on some “third-party tools”.
Trezor will not be able to use these third-party tools to sign transactions until they complete the update. Due to the need to be responsible for the disclosure process, we cannot notify the relevant maintainers in advance.
Affected third-party tools include the privacy-focused Wasabi wallet, which was integrated with Trezor last year. Its founder Adam Fiscor announced on Twitter that Wasabi users should not update the firmware until the wallet solves the “compatibility issue”.
Fiscor told Decrypt via email that in his opinion, “the consequences of the firmware update causing Trezor users’ funds to be locked by the Wasab wallet are more serious than the attack itself.” Although he agrees with NVK, he can understand why Trezor “ Too careful to deal with this loophole.
Nicolas Dorier, the founder and head of the open source BTCPay Server, told Decrypt that he hopes Trezor will provide a “one to two month transition period so that users have time to transfer their funds.”
BTCPay Server is a decentralized bitcoin payment processor that includes some additional features, such as the Lightning Network, which was integrated with Trezor’s hardware wallet last year.
Dorier said his service may need to cancel support for Trezor and hardware wallets because users of BTCPay Server will not store all data on the blockchain; they run so-called “light” nodes and only store Bitcoin networks using BTCPay Server The required data makes it faster and easier to download and run BTCPay.
Therefore, like Wasabi, BTCPay is also urging users not to update to prevent their funds from being locked. As long as the user is running an older version of Trezor, there will be no major problems. In addition, users can also take another hardware wallet that has not been updated, and restore the wallet through a mnemonic word (which acts as a backup phrase for the wallet’s private key when the wallet is damaged or lost).
Currently, Wasabi and BTCPay inform Trezor users using their services not to worry, and remind them to transfer funds before the wallet update.