Critical Chip Flaw Exposes Crypto Wallets to Stealth Attacks
A critical flaw in the ESP32 chip puts crypto hardware wallets at risk, allowing private key extraction and unauthorized transactions - IcoHolder.
A major security vulnerability discovered in crypto hardware wallets using the popular ESP32 chip has sparked alarm across the digital asset space, with researchers warning that attackers can quietly extract private keys and sign unauthorized Bitcoin transactions without user awareness.
Cybersecurity firm Crypto Deep Tech revealed the flaw in a recent report, identifying serious weaknesses in the ESP32 microcontroller — a Chinese-made chip frequently found in crypto wallets such as Blockstream Jade and open-source devices like Bowser and Colibri. The chip, widely used for its Bluetooth and Wi-Fi connectivity in embedded systems, has now become a potential backdoor for theft and espionage.
Researchers demonstrated how attackers can exploit the chip’s wireless capabilities to inject malicious firmware, bypass normal validation checks, and gain low-level access to sensitive wallet functions. Among the most critical issues are a weak random number generator, which makes Bitcoin private keys dangerously predictable, and broken logic that permits the use of invalid cryptographic keys.
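The two key-handling defects named above (predictable random numbers and acceptance of invalid keys) correspond to two checks wallet code can make before a key is ever used. The sketch below is an added illustration, not code from the report or from any wallet firmware; the names `CheckedEntropy`, `is_valid_private_key` and `generate_private_key` are hypothetical, and Python's `secrets` module stands in for the device's CSPRNG.

```python
import secrets

# Order n of the secp256k1 group, the public curve parameter Bitcoin uses.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


class CheckedEntropy:
    """Entropy source wrapped in a continuous test (hypothetical helper).

    Two identical consecutive blocks, or a short read, indicate a stuck or
    unseeded generator, so the read fails instead of returning the data.
    """

    def __init__(self, source=secrets.token_bytes):
        self._source = source
        self._last = None

    def read(self, n: int) -> bytes:
        block = self._source(n)
        if len(block) != n or block == self._last:
            raise RuntimeError("entropy source failed continuous test")
        self._last = block
        return block


def is_valid_private_key(raw: bytes) -> bool:
    """Accept only 32-byte scalars k with 1 <= k < n."""
    if len(raw) != 32:
        return False
    k = int.from_bytes(raw, "big")
    return 1 <= k < SECP256K1_N


def generate_private_key(entropy: CheckedEntropy, max_tries: int = 16) -> bytes:
    """Rejection-sample a private key: redraw instead of reducing mod n,
    and refuse to continue if the source keeps yielding invalid scalars."""
    for _ in range(max_tries):
        candidate = entropy.read(32)
        if is_valid_private_key(candidate):
            return candidate
    raise RuntimeError("entropy source keeps returning invalid scalars")


if __name__ == "__main__":
    key = generate_private_key(CheckedEntropy())
    print("generated key passes range check:", is_valid_private_key(key))
```

The same range check belongs on every imported or restored key, not only on freshly generated ones.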
In a chilling real-world test, the researchers successfully exploited these vulnerabilities to retrieve the private key of a Bitcoin wallet containing 10 BTC — worth over $600,000 at current prices — without triggering any alerts or security warnings for the user.
The impact goes beyond just Bitcoin wallets. Experts warn that ESP32 vulnerabilities could enable large-scale supply chain attacks, coordinated theft operations, and even state-sponsored espionage, particularly in sectors that rely on embedded devices for secure communication or access control.
Electrum-based wallets are particularly at risk due to flawed hashing logic that can be exploited to forge ECDSA signatures. Attackers can manipulate non-standard message formats to generate transactions that appear legitimate on the Bitcoin network, further complicating detection and recovery.
To reduce the threat, security researchers advise users to rely on trusted, audited devices, keep firmware and wallet software up to date, and ensure the use of well-established cryptographic libraries.
While hardware wallets are typically promoted as the safest way to store cryptocurrency, this report underscores that they are not immune to critical flaws. Just last month, Ledger Donjon researchers revealed that Trezor’s latest Safe models, despite incorporating secure elements, remain vulnerable to physical attacks via voltage glitching — an exploit that can be performed entirely in software and evade standard protections.
As crypto adoption continues to grow, experts emphasize the need for robust hardware design and transparent security practices to protect user assets from increasingly sophisticated threats.