U.S. cybersecurity experts (NIST) said the ESP32 microcontroller, used in billions of Internet of Things (IoT) devices, including popular hardware bitcoin wallets, has critical vulnerabilities that threaten the safety of digital assets.

According to NIST researchers, a flaw designated CVE-2025-27840 allows attackers to forge transactions and remotely extract private keys, making bitcoin wallets and the crypto assets stored in them vulnerable to theft.

The ESP32 chip, produced by the Chinese company Espressif, is widely used in devices such as the Blockstream Jade hardware wallet, where it helps generate BTC transaction signatures.

CVE-2025-27840 is associated with 29 undocumented HCI (Host Controller Interface) commands in the Bluetooth chip, which can be used for attacks including spoofing and impersonating devices, unauthorized data access and even compromise of the network. In addition, the random number generator in the ESP32 has insufficient entropy, which allows hackers to guess cryptographic key pairs by brute force.

Espressif, the Chinese manufacturer of the ESP32 chips, acknowledged the problem and the presence of undocumented functionality but categorically rejected the presence of a “backdoor”, representatives of NIST said. Espressif promised to release an update soon to eliminate the undocumented commands.

Earlier, a group of U.S. university researchers discovered a vulnerability in Apple devices based on the M1, M2 and M3 processors that allows attackers to steal cryptographic keys, including those from cryptocurrency wallets. It is impossible to protect against the vulnerability, and the only option available to users of devices with these processors is to remove the cryptocurrency wallet.