Trezor’s latest hardware wallets feature secure elements but are still vulnerable to attacks targeting their microcontrollers, Ledger claims. In the constantly shifting world of crypto security, even the most advanced hardware wallets aren’t immune to emerging threats. Now, cybersecurity experts at Ledger Donjon, the research arm of physical crypto wallet Ledger , are raising concerns about its rival Trezor . Despite its reputation for secure design, Trezor’s Safe models appear vulnerable to physical attacks. While the devices feature dual-chip setups and certified secure elements, researchers at Ledger argue that these models aren’t fully protected against determined hackers. In a March 12 blog post , Ledger notes that the new Trezor Safe devices were designed with better security features, including a two-chip setup with a certified Secure Element (Optiga Trust M) for storing PINs and cryptographic secrets. Yet, Ledger says critical cryptographic operations “are still performed on a microcontroller however,” which makes attacks in more “advanced threat models possible.” “The microcontroller used is labeled TRZ32F429 – this is actually a STM32F429 chip packaged into a BGA with custom markings. In spite of the Trezor-specific package however, it is really electrically the same as a STM32F429, and this chip’s family is known to be vulnerable to voltage glitching, enabling read and write access to its flash contents.” Ledger You might also like: Ledger eliminated exploit, company’s CEO comments on situation While the devices include mechanisms to prevent tampering, Ledger believes these defenses are not foolproof, stating that it is only “a matter of time and engineering effort to pull off the attack in practice.” Most importantly, the researchers argue that the attack can be executed “purely in software,” making it “very hard, if not impossible,” to detect either cryptographically or through visual inspection. Despite these risks, Trezor Safe devices are considered a step forward in crypto hardware security, Ledger admits, though emphasizes that continued vigilance is needed to address potential weaknesses in the supply chain. Following the publication of the research, Trezor’s X account reassured users that their funds “remain safe,” noting that Ledger Donjon had reused a “previously known attack to bypass some of our countermeasures against supply chain attacks in Trezor Safe 3.” Read more: ‘Where there’s money, there will be hackers’: Ledger CEO
In a recent update from COINOTAG News, trader Eugene Ng Ah Sio provided insights on Bitcoin’s current market trajectory. He observed that Bitcoin is projected to sustain a **downtrend** in
Trezor’s latest hardware wallets, the Safe 3 and Safe 5, have some serious security issues, according to a report from Ledger that was released on March 12. The report said that its security research team, Ledger Donjon, found that these devices had a ton of vulnerabilities in their microcontrollers that could allow hackers to gain remote access to user funds. The flaws come despite Trezor’s upgrade to a two-chip design that includes an EAL6+ certified Secure Element. While the Secure Element protects PINs and private keys, Ledger’s report reveals that all cryptographic operations are still performed on the microcontroller, which is vulnerable to voltage glitching attacks. If exploited, an attacker could extract cryptographic secrets, modify firmware, and bypass security checks, leaving user funds at risk. Trezor’s new security design fails to protect critical operations Trezor launched the Safe 3 in late 2023, followed by the Safe 5 in mid-2024, and both wallets introduced an upgraded two-chip design, in efforts to move away from the single-chip architecture used in older Trezor models. The upgrade also added an Optiga Trust M Secure Element from Infineon, which will be a dedicated security chip to store PINs and cryptographic secrets. According to Ledger’s findings, this Secure Element prevents access to sensitive data unless the correct PIN is entered. It also blocks hardware attacks like voltage glitching, which were previously used to extract seed phrases from models like Trezor One and Trezor T. PCBs of two Trezor Safe 3, one running genuine software and the other running modified firmware | Source: Ledger But despite these improvements, Ledger Donjon’s research shows that the main cryptographic functions—including transaction signing—still happen on the microcontroller, which remains a major security weakness. The microcontroller used in the Safe 3 and Safe 5 is labeled TRZ32F429, which is actually a custom-packaged STM32F429 chip. This chip has known vulnerabilities, specifically voltage glitching exploits that allow attackers to gain full read/write access to the flash memory. Once an attacker modifies the firmware, they could manipulate entropy generation, which plays a key role in cryptographic security. This could lead to remote theft of private keys, giving hackers complete access to user funds. Authentication system fails to verify microcontroller integrity Trezor uses cryptographic authentication to verify its devices, but Ledger Donjon found that this system does not check the microcontroller’s firmware. The Optiga Trust M Secure Element generates a public-private key pair during production, and Trezor signs the public key, embedding it into a certificate. When a user connects their wallet, Trezor Suite sends a random challenge that the device must sign using its private key. If the signature is valid, the device is considered authentic. How the Optiga Trust M Secure Element works | Source: Ledger But Ledger’s research shows that this process only verifies the Secure Element, not the microcontroller or its firmware. Trezor attempted to link the Secure Element and microcontroller using a pre-shared secret, which is programmed into both chips during manufacturing. The Secure Element will only respond to signature requests if the microcontroller proves knowledge of this secret. The problem? This pre-shared secret is stored in the microcontroller’s flash memory, which is vulnerable to voltage glitching attacks. Ledger’s team was able to extract the secret, reprogram the chip, and bypass the authentication process entirely. This means an attacker could modify the firmware while still passing Trezor’s security checks. Ledger’s report describes how they built a custom attack board, which allowed them to break out the TRZ32F429’s pads onto standard headers. This setup lets them mount the microcontroller onto their attack system, extract the pre-shared secret, and reprogram the device without detection. Once reprogrammed, the device would still appear legitimate when connected to Trezor Suite since the cryptographic attestation system remains unchanged. This creates a dangerous situation, where compromised Trezor Safe 3 and Safe 5 wallets could be sold as genuine devices, while secretly running malicious firmware that steals user funds. Firmware validation is bypassed, leaving users exposed Trezor does include a firmware integrity check in Trezor Suite, but Ledger Donjon found a way to completely bypass this protection. The firmware check works by sending a random challenge to the device, which then computes a cryptographic hash using both the challenge and its firmware. Trezor Suite verifies this hash against a database of genuine firmware versions. At first glance, this method seems kind of effective—an attacker can’t just hardcode a fake hash because they wouldn’t know the random challenge in advance, so the device must compute the hash in real time, proving it’s running genuine firmware. However, Ledger Donjon discovered a way to fully bypass this protection. Since the microcontroller handles this computation, an attacker can modify its firmware to fake a valid response. Source: Ledger By manipulating how the device calculates the hash, the attacker can make any firmware version appear authentic. This is a serious issue because it allows attackers to run modified software while still passing Trezor Suite’s verification checks. As a result, a compromised Trezor Safe 3 or Safe 5 could still appear legitimate while secretly leaking private keys or altering transaction data. Ledger’s report concludes that the only way to fully secure the Safe 3 and Safe 5 would be to replace the microcontroller with a more secure alternative. The Trezor Safe 5 does include a more modern microcontroller, the STM32U5, which has no publicly known fault injection attacks—at least for now. But since it’s still a standard microcontroller, not a dedicated Secure Element, the risk remains that new attack methods could be discovered. Trezor has already patched the vulnerabilities, but the underlying security concerns remain. Until the microcontroller itself is fully secured, users will have to trust Trezor’s software protections, which Ledger Donjon’s research has already proven can be bypassed. Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot
Popular crypto analyst Ali Martinez (@ali_charts) recently highlighted a significant technical development for XRP, noting that its Market Value to Realized Value (MVRV) ratio has crossed the 200-day moving average (MA). This shift, captured in Martinez’s chart, has prompted discussions within the community regarding its potential implications for the asset’s price trajectory. The MVRV ratio is a widely used metric to assess whether a cryptocurrency is overvalued or undervalued by comparing its market value to the average purchase price of holders. When the MVRV ratio moves above the 200-day MA, it can indicate a potential bullish trend reversal, whereas a sustained decline below this threshold may signal extended bearish conditions. $XRP MVRV Ratio just crossed over, signaling a potential macro trend shift ahead! pic.twitter.com/eT7PIA80da — Ali (@ali_charts) March 11, 2025 Diverging Opinions on XRP’s Market Direction Following Martinez’s observation, community members shared mixed reactions regarding what this crossover means for XRP’s market movement. One commenter pointed out that this could be a bearish indicator in the short term. He emphasized that the digital asset’s price action relative to the MVRV ratio’s position will be crucial in determining the next trend. “If the MVRV ratio stays below the 200-day MA for an extended period, it could signal a longer-term market correction for XRP,” he noted. Another market participant emphasized XRP’s resistance levels, suggesting that rejection at current levels could push the price downward. However, a breakout above key support could reinforce bullish momentum. We are on twitter, follow us to connect with us :- @TimesTabloid1 — TimesTabloid (@TimesTabloid1) July 15, 2023 XRP’s Current Landscape XRP has recently struggled to establish a decisive trend. According to a recent analysis by Martinez, the digital asset has been consolidating within a symmetrical triangle pattern. He predicted a 23% price movement following the breakout from this pattern. This technical formation suggests that the asset is approaching a pivotal moment, making the MVRV crossover an even more critical development. Furthermore, increasing whale activity has been observed in the XRP market. Whale transactions have been consistently rising, which may provide underlying support for a potential upward movement. Large-scale investors accumulating XRP could indicate growing confidence in its long-term prospects. Key Price Levels to Watch for XRP If the digital asset can establish a strong foothold above current price zones, it may reignite bullish momentum. However, failure to sustain critical support could expose it to further declines. The digital asset is trading at $2.2, after a notable rebound from the resistance level near $1.9 on March 11. Martinez recently outlined how the digital asset could regain bullish momentum if it remains above $2. With the asset holding this level, sustained buying pressure and favorable market conditions could propel it toward the $5 mark in the long run. Disclaimer : This content is meant to inform and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not represent Times Tabloid’s opinion. Readers are urged to do in-depth research before making any investment decisions. Any action taken by the reader is strictly at their own risk. Times Tabloid is not responsible for any financial losses. Follow us on X , Facebook , Telegram , and Google News The post XRP MVRV Ratio Crosses Key Level. Here’s What Is Next appeared first on Times Tabloid .
Cardano's price surged over 17% in just 36 hours. Gemini listing speculation boosts investor interest in ADA coin. Continue Reading: Cardano’s Recent Surge Captivates Cryptocurrency Enthusiasts The post Cardano’s Recent Surge Captivates Cryptocurrency Enthusiasts appeared first on COINTURK NEWS .
The OFFICIAL TRUMP COIN price, a cryptocurrency linked to former U.S. President Donald Trump, rose significantly today, increasing by over 20%. The TRUMP coin hit a high of $11.57, sparking interest across the crypto community before correcting again. This sudden surge was connected to a report from Crypto news outlet db, which claimed their account was hacked, leading to speculation and a sharp rise in open interest. Let’s Uncover why. TRUMP Coin Price Spikes 21%: What’s Behind the Surge? Over the past 4 hours, the TRUMP Coin price has surged by 21%, sparking considerable attention in the crypto community. This sharp increase in value has come amidst rumors about its potential utility, which have now been discredited. Currently, the TRUMP Coin price is trading at $10.88, as other crypto market continues to trade sideways. Crypto news outlet DB, which operates under the Twitter handle @tier10k, has reported that its account was compromised. The platform clarified that a post stating the TRUMP Coin would have real utility was a result of the hack. The post, which generated significant interest, was later deleted as part of efforts to rectify the situation. [ ] DB ( @tier10k )’s account compromised, been used to send malicious fake news — Tree News (@TreeNewsFeed) March 13, 2025 Earlier reports had sparked optimism about the coin’s future, with claims suggesting it could have tangible use cases. However, these statements have since been dismissed following the confirmation of the hack. The security status of crypto-related accounts faces rising security concerns through this incident. The post first raised doubts before the news outlet verified its inaccuracies which originated from unauthorized sources. Obviously hacked Do not trust any messages for now Unclear what happened, 2FA/Yubikey etc all enabled Will post details when I get them — db (@tier10k) March 13, 2025 At this stage, the fate of the TRUMP Coin remains uncertain as the community waits for further clarification. The spike in its price, although significant, may be linked to the misinformation that was widely shared before it was retracted. @tier10k mentioned a hack. Avoid trusting any current messages. The TRUMP pre-scam news open interest around 700k was entirely attributed to HL, marking an unprecedented crime level. The entire $TRUMP pre-scam news OI (700k~) came from HL Unprecedented levels of crime pic.twitter.com/bWCgRo28Zb — illiquidity providooooor (@skyquake_1) March 13, 2025 To sum up, TRUMP Coin’s 21% price spike, caused by a hacked post, underlines the risks in the crypto market. The situation remains unresolved as the community seeks further clarity. The post Why President Trump’s TRUMP Coin Price Shot up 21% Today? appeared first on CoinGape .
Ether faces a pivotal moment as macroeconomic factors continue to shape its price trajectory, with analysts optimistic about its potential to reclaim the $2,500 mark. Despite recent volatility, Ether’s on-chain
According to data from COINOTAG News dated March 13th, the renowned trading entity known for its substantial **”81% Win Rate”** in **ETH** and **BTC** swing trading has ceased operations since
Coinbase has announced that it will suspend trading of FLOKI, TURBO, and GIGA tokens in New York starting at 14:00 UTC on April 14, 2025. Coinbase to Suspend Trading of FLOKI, TURBO, and GIGA in New York The decision follows a recent asset review to ensure compliance with the exchange's listing standards. These tokens were recently listed on Coinbase-FLOKI in November 2024, followed by TURBO and GIGA in December 2024. While trading in these assets has been halted in New York, Coinbase did not indicate whether similar actions would be taken in other jurisdictions. Coinbase regularly evaluates its listings to ensure compliance with regulatory requirements and internal policies. The exchange did not confirm whether the suspension is temporary or if the assets are facing a potential full delisting. Floki Inu (FLOKI) is a cryptocurrency inspired by an internet meme, just like Shiba Inu (SHIB) and Dogecoin (DOGE). Floki, named after Elon Musk's Shiba Inu dog, was created as a joke coin but it promises more than that with its different application areas. Turbo Coin (TURBO) is a revolutionary memecoin identified by a progressive frog mascot. GIGA Coin is a meme token built on the Solana blockchain, inspired by the popular “Gigachad” meme. *This is not investment advice. Continue Reading: Bitcoin Exchange Coinbase Announces Regional Delisting of Three Memecoins! Here Are the Details
OKX has announced the acquisition of a Markets in Financial Instruments Directive (MiFID II) license, marking a significant milestone in its growth strategy in Europe. This license, pending regulatory approval, will enable the exchange to launch derivative products and services tailored for institutional clients across the region. The announcement was made during an event in