Crypto Hardware Wallets with ESP32 Chips Vulnerable to Private Key Theft: Report

Researchers have identified a new vulnerability in specific crypto hardware wallets that enables attackers to privately sign unauthorized Bitcoin transactions and steal private keys.

According to cybersecurity firm Crypto Deep Tech, wallets using the Chinese-made ESP32 chip, a common microcontroller for embedded systems and connected devices, are particularly at risk. This chip is often used in security-critical environments and hardware wallets like Blockstream Jade and open-source projects such as Bowser and Colibri, where it acts as a gateway to sensitive networks and stores cryptographic credentials.

The vulnerability allows attackers to exploit the chip’s Bluetooth and Wi-Fi connectivity to inject malicious updates, gaining low-level access to sensitive wallet data, including private keys. Notably, the chip features multiple flaws, such as a weak random number generator making Bitcoin private keys predictable, and inadequate validation checks that let invalid or low-value keys be used.

Electrum-based wallets are particularly vulnerable due to the chip’s flawed hashing logic, which enables attackers to exploit non-BIP-137 message formatting and create forged ECDSA signatures that pass as legitimate Bitcoin transactions.
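The two weaknesses the report names, missing private-key validation and mishandled signed-message formatting, are checks a verifier can perform before any curve arithmetic. The following is an added example (not Crypto Deep Tech's code, nor any wallet's): it rejects out-of-range secp256k1 private keys, computes the digest a BIP-137 signature must commit to, and applies the structural checks on a 65-byte BIP-137 signature. The small-key threshold is an assumed heuristic, not a standard.

```python
import hashlib

# secp256k1 group order; the valid private-key range is 1 .. N-1
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Assumed heuristic: scalars this small are brute-forceable and are the
# kind of output a broken on-device RNG produces, so treat them as invalid.
LOW_VALUE_THRESHOLD = 1 << 128

def validate_private_key(key: bytes) -> bool:
    """Accept only 32-byte scalars in [1, N-1] that are not suspiciously small."""
    if len(key) != 32:
        return False
    k = int.from_bytes(key, "big")
    return LOW_VALUE_THRESHOLD <= k < N

def _compact_size(n: int) -> bytes:
    """Bitcoin CompactSize varint used as the message-length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def signed_message_hash(message: bytes) -> bytes:
    """Digest a BIP-137 signature commits to: double SHA-256 over the fixed
    magic prefix, the CompactSize length and the message bytes."""
    payload = b"\x18Bitcoin Signed Message:\n" + _compact_size(len(message)) + message
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()

def parse_bip137_signature(sig: bytes) -> dict:
    """Structural checks a verifier applies before recovering the public key."""
    if len(sig) != 65:
        raise ValueError("BIP-137 signature must be 65 bytes")
    header = sig[0]
    r = int.from_bytes(sig[1:33], "big")
    s = int.from_bytes(sig[33:65], "big")
    if not 27 <= header <= 42:
        raise ValueError("header byte outside BIP-137 range 27..42")
    if not (1 <= r < N and 1 <= s < N):
        raise ValueError("r or s outside [1, N-1]")
    if s > N // 2:
        raise ValueError("high-S signature (malleable); require low-S")
    # 27..30 uncompressed P2PKH, 31..34 compressed P2PKH, 35..38 P2SH-P2WPKH, 39..42 P2WPKH
    return {"recid": (header - 27) & 3, "compressed": header >= 31, "r": r, "s": s}
```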

What is most alarming about this vulnerability is its stealthy execution. In a real-world test, Crypto Deep Tech researchers successfully bypassed normal security measures, recovered a private key, and accessed a live Bitcoin wallet with 10 BTC without alerting the user.

The implications extend beyond cryptocurrency wallets; this vulnerability could lead to large-scale supply chain attacks, state-sponsored espionage, and coordinated theft campaigns targeting any network utilizing ESP32-powered devices.

To mitigate this threat, researchers recommend using trusted devices, keeping Bitcoin software updated, and employing secure cryptographic libraries to prevent key theft and transaction forgery.

While hardware wallets are generally viewed as a more secure option than software wallets, vulnerabilities remain a significant concern for cryptocurrency users. Recently, Ledger Donjon researchers discovered that Trezor’s latest Safe models still depend on a general-purpose microcontroller susceptible to physical attacks. Trezor devices, despite using a secure element for PIN and secret storage, are vulnerable to voltage glitching, a software-based attack that is difficult to detect.
