Quickly understand the history and background of various well-known coins

Bitcoin Wallets Vulnerable to ESP32 Chip Flaw

Coin WorldThursday, Apr 17, 2025 5:59 am ET

1min read

A critical security vulnerability has been discovered in the ESP32 chip, manufactured by Espressif Systems, which poses a significant threat to the security of Bitcoin wallets. This flaw, identified as CVE-2025-27840, allows hackers to bypass security protocols and extract private keys, potentially leading to the theft of millions of dollars in digital assets worldwide. The vulnerability enables attackers to forge ECDSA signatures, facilitating unauthorized transactions that users cannot detect.

The ESP32 chip is widely used in various hardware wallets due to its cost-effectiveness and adaptability in embedded systems. The hardware of Blockstream Jade Plus wallet has also integrated the new ESP32-S3 chipset, intended for seamless operation. However, the chip’s Bluetooth and Wi-Fi connectivity exacerbates the risk, allowing hackers to deploy malicious updates and remotely extract sensitive data. This concern is especially acute for Electrum-based wallets.

In a real-world test, researchers successfully exploited this vulnerability to access a Bitcoin wallet holding 10 BTC, highlighting the potential for significant financial losses. The repercussions of this vulnerability extend beyond individual investors, raising broader concerns about comprehensive network security. Experts caution that it could enable state-sponsored espionage campaigns and coordinated theft operations targeting devices dependent on ESP32.

The discovery of this flaw has ignited debates about the reliability of Chinese-manufactured components within critical financial infrastructure. The push for manufacturers to provide transparency and disclose impacted products is becoming increasingly urgent to mitigate the risks and protect users. No specific wallet models have been broadly identified as affected so far.

Crypto Deep Tech warned that attackers can use various methods to gain access to the private key data of Bitcoin wallets through ESP32. The Crypto-MCP flaw could let hackers expose seed phrases or redirect blockchain transactions without user detection.

“Attackers can use various methods to gain access to the private key data of Bitcoin wallets through ESP32,” Crypto Deep Tech warned.

“I wouldn’t use ESP32 based hardware wallets for single sig,” cautioned X user nvk.