Celah Chip ESP32 Baru Biarkan Peretas Curi Kunci Bitcoin dari Dompet Populer
New ESP32 Chip Flaw Lets Hackers Steal Bitcoin Keys from Popular Wallets https://cryptonews.com/news/crypto-wallets-using-chinese-made-esp32-chip-vulnerable-to-private-key-theft-report/

New ESP32 Chip Flaw Lets Hackers Steal Bitcoin Keys from Popular Wallets

A dangerous security flaw has been discovered in the Chinese-manufactured ESP32 chip, a microcontroller embedded in billions of IoT devices, including several popular crypto wallets. Cybersecurity firm Crypto Deep Tech found the vulnerability, which was officially cataloged as CVE-2025-27840 in March. This bug allows attackers to forge cryptographic signatures and steal private keys without users’ knowledge.

ESP32 Chip Vulnerability Targets Core Cryptographic Operations

Researchers revealed that the flaw stems from multiple weaknesses in the ESP32 architecture, including a weak pseudo-random number generator (PRNG) that makes cryptographic keys dangerously predictable and a failure to reject invalid private keys (≤ 0).

Cryptographic flaws in ESP32 chip/ Source: Crypto Deep Tech

These design lapses make the chip vulnerable in crypto use cases. "The ESP32 acts as a gateway to sensitive networks and cryptographic credentials," the report warns.

Wallets like Blockstream Jade face high risks. Attackers can also exploit the chip’s Bluetooth and Wi-Fi capabilities to spoof MAC addresses, manipulate memory, and inject malicious code to steal Bitcoin keys. In one simulated attack, researchers extracted the private key to a wallet containing 10 BTC without alerting the owners.

ESP32 flaw reveals live crypto wallet with 10 BTC/ source: Crypto Deep Tech

One of the exploit’s most alarming aspects is the electrum_sig_hash function, which is used in Electrum-based wallets. The function’s flawed logic allows attackers to exploit non-standard message formatting and generate forged ECDSA signatures that validate legitimate Bitcoin transactions.

Due to the ESP32’s support for message prefixing, Bitcoin addresses can be encoded before applying double SHA256 hashing, bypassing typical safeguards and allowing forgery.

Wider Implications Beyond Crypto Wallets

ESP32 chips are embedded in millions of smart home devices, routers, and automation systems. Experts warn that the bug could lead to massive state-level cyberattacks and supply chain compromises.

"This is not just about Bitcoin. It’s about the security of the internet-connected world," the researchers stated.

Although commercial wallets like Ledger and Trezor incorporate enhanced security, they are not invincible. A March 13 security audit by Ledger found that Trezor’s Safe 3 and Safe 5 models are vulnerable to supply chain attacks due to their reliance on microcontrollers for key verification and cryptographic operations.

Growing Threat of Hardware Vulnerabilities

The ESP32 flaw is not an isolated case. In March 2024, researchers uncovered a serious side-channel vulnerability in Apple’s M-series chips that allowed attackers to extract encryption keys via microarchitectural design flaws, rendering them unpatchable by software updates.