A popular microcontroller used in billions of IoT devices and cryptocurrency wallets contains serious flaws that could enable the theft of bitcoins, Crypto Deep Tech researchers report.
The vulnerability, tracked as CVE-2025-27840 in the NIST database, affects the ESP32 chip, which provides Wi-Fi and Bluetooth connectivity. The bug allows attackers to permanently infect microcontrollers through updates, opening the way to future attacks.
After a compromise, attackers can sign crypto transactions without authorization and remotely steal private keys.
The microcontroller, which is installed in hardware wallets such as Blockstream Jade, also has insufficient entropy in the pseudo-random number generator (PRNG) used to create transaction signatures. This allows attackers to guess key pairs by brute force.
During their experiments, the researchers tested possible attack vectors through the identified flaws. Running their scripts allowed them to:
- generate invalid private keys using PRNG deficiencies;
- forge Bitcoin signatures due to incorrect hashing;
- extract private keys using small subgroups and manipulation of ECC cryptographic operations;
- generate fake public keys by exploiting the ambiguity of the Y coordinate on the ECC curve.
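The first and last items above depend on software accepting malformed key material. This added example (not code from Crypto Deep Tech or from any wallet firmware) shows the validation that rejects it: a private key must lie in the range 1 to n-1, and a compressed public key must decode to an on-curve point whose Y matches the parity byte. It assumes Bitcoin's secp256k1 curve; the function names are illustrative.

```python
# secp256k1 domain parameters (the curve Bitcoin uses): y^2 = x^3 + 7 mod P
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8


def valid_private_key(d: int) -> bool:
    """A private scalar is valid only if 1 <= d <= N-1 (both bounds matter)."""
    return 1 <= d < N


def on_curve(x: int, y: int) -> bool:
    """True if (x, y) are reduced field elements satisfying the curve equation."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + 7)) % P == 0


def decompress_pubkey(data: bytes) -> tuple[int, int]:
    """Decode a 33-byte compressed key, enforcing the Y parity in the prefix."""
    if len(data) != 33 or data[0] not in (0x02, 0x03):
        raise ValueError("not a compressed secp256k1 public key")
    x = int.from_bytes(data[1:], "big")
    if x >= P:
        raise ValueError("x is not a reduced field element")
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)      # square root, valid because P % 4 == 3
    if (y * y) % P != y_sq:
        raise ValueError("x has no matching y: point is not on the curve")
    # Each x has two roots, y and P - y; the prefix byte says which one is meant.
    if (y & 1) != (data[0] & 1):
        y = P - y
    return x, y


if __name__ == "__main__":
    g = bytes([0x02]) + GX.to_bytes(32, "big")   # constructed input: generator G
    print(decompress_pubkey(g) == (GX, GY))
    print(valid_private_key(0), valid_private_key(N - 1))
```
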
In their research, the Crypto Deep Tech experts used a real wallet holding 10 BTC.
In March, Trezor, a manufacturer of hardware crypto wallets, fixed a vulnerability in its Safe 3 and Safe 5 models. The problem was related to the microcontroller that performs cryptographic operations.
Source: Cryptocurrency