Share this article
Kraken: $75 Device Will Get You Into Crypto Hardware Wallet KeepKey
Kraken Security Labs said crypto hardware wallet KeepKey is not doing enough to protect customers from physical attacks, saying it was able to get into the system using a $75 device.
By David Pan
Updated Sep 13, 2021, 11:48 a.m. Published Dec 11, 2019, 7:48 p.m.
Make us preferred on Google
Kraken Security Lab said crypto hardware wallet KeepKey is not doing enough to protect customers from physical attacks, saying it was able to get into the system using a $75 device.
STORY CONTINUES BELOW
“All that is required is physical access to the wallet for about 15 minutes,” the firm said in a blog post on Tuesday.
Kraken Security Lab said KeepKey is already aware of similar physical attacks, but seems to be focusing more on protecting users’ keys from remote attacks, citing a statement from KeepKey’s parent Shapeshift on June 13.
The attacks can extract seeds that could help users restore and backup their wallets from a voltage glitching device costing roughly $75.
However, Michael Perklin, chief information security officer of Shapeshift, said Kraken Security’s statement is misleading, according to a statement received by CoinDesk. The crypto exchange acquired hardware wallet startup KeepKey for an undisclosed amount in August 2017 to develop its technology and security for its crypto holders.
“Not only does this attack require physical possession of the device, it would require significant preparation and expertise, as well as specialized equipment,” Perklin said.
“The cost is possible only if the person had an extremely sophisticated understanding of what was needed,” he added. “The average person would not have the education about hardware design or computer science to go pick out parts for $75 and successfully assemble a tool to use for this type of attack.”
Kraken Security Lab said in its blog post that while physical attacks are difficult to defend against, it found Keepkey’s focus on remote attacks “potentially out of line with the branding of [its] product.”
Perklin responded that KeepKey took measures to protect its users from potential physical attacks before Kraken notified it.
“We recommend our users use BIP39 passphrases that add an extra layer of security,” Perklin said. “The process is relatively easy and we provided step-by-step instructions on how to set up BIP39 in the June 13 statement.”
One of the reasons such physical attacks are difficult to prevent is KeepKey has to redesign its hardware. In particular, Kraken Security Lab claims, the wallet needs to change the microcontroller because of “inherent flaws” that could be used by hackers.
“It is important to understand that if you physically lose your KeepKey, this vulnerability could be used to access your crypto,” according to the blog post.
“It’s much like a door lock analogy. You can change the locks on your door as often as you want, but someone with enough time and expertise can always pick the lock,” Perklin responded.
“Redesigning KeepKey, or using a different microcontroller, might slow down an attacker if they have the physical device, but it will not stop them if they are determined, skilled and have enough time to break in,” he added.
Kraken Security Lab said it disclosed the full details of this threat of attack to KeepKey on Sept. 11 and is going public now so the crypto community can protect itself. Shapeshift confirmed it received the information and had asked its users to use the BIP39 passphrase before that time.
More For You
KuCoin captured a record share of centralised exchange volume in 2025, with more than $1.25tn traded as its volumes grew faster than the wider crypto market.
What to know:
- KuCoin recorded over $1.25 trillion in total trading volume in 2025, equivalent to an average of roughly $114 billion per month, marking its strongest year on record.
- This performance translated into an all-time high share of centralised exchange volume, as KuCoin’s activity expanded faster than aggregate CEX volumes, which slowed during periods of lower market volatility.
- Spot and derivatives volumes were evenly split, each exceeding $500 billion for the year, signalling broad-based usage rather than reliance on a single product line.
- Altcoins accounted for the majority of trading activity, reinforcing KuCoin’s role as a primary liquidity venue beyond BTC and ETH at a time when majors saw more muted turnover.
- Even as overall crypto volumes softened mid-year, KuCoin maintained elevated baseline activity, indicating structurally higher user engagement rather than short-lived volume spikes.
More For You
Ethereum Foundation makes post quantum security a top priority as new team forms
EF researcher Justin Drake says a new post-quantum team will drive wallet safety upgrades, research prizes and test networks as quantum timelines shorten.
What to know:
- The Ethereum Foundation has elevated post-quantum security to a top strategic priority, forming a dedicated Post Quantum team led by Thomas Coratger with support from leanVM cryptographer Emile.
- Researcher Justin Drake said Ethereum is shifting from background research to active engineering, including biweekly developer sessions on post-quantum transactions and multi-client post-quantum consensus test networks.
- The foundation is backing new cryptography with funding and outreach, launching two $1 million prizes, planning post-quantum community events and education, and stressing that blockchains must prepare early for quantum threats despite their long-term nature.
Top Stories
