0 sats \ 3 replies \ @Roll OP 15 Apr \ parent \ on: CVE-2025-27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide bitcoin
Billions of devices using ESP32 are now potentially vulnerable, many of which serve as entry points into secure networks or as storage for cryptographic credentials.
“Attackers can spoof MAC addresses, manipulate memory, and inject malicious code… leading to theft of private keys of Bitcoin wallets.”
So the chip has to be physically compromised?
How did they compromise a Jade? The articles I've read don't provide any details.
Furthermore, it doesn't say if this is remote or what the mitigating techniques are.
reply
Bitcoin Cryptanalysis: CVE-2025-27840 Vulnerability in ESP32 Microcontrollers Puts Billions of IoT Devices at Risk via Wi-Fi & Bluetooth
reply
Thanks, I read it over.
My understanding is it relates to malicious 'modules' applied to the chip itself, probably through some sort of supply chain attack. It would require physical access to the chip/device and the installation of malicious firmware or updates that could be undetected.
The 'updates' would weaken the security of either interacting with private keys, or generating new ones, not because the authentic modules are bad...
but if the device had been tampered with, certain software functions would not work correctly and malicious modules could be added instead. There also seem to be some Bluetooth vulnerabilities... but I don't know any Bitcoin devices that use Bluetooth explicitly.
Just goes to show the importance of open source review and testing. Thanks for the post!!!
reply