Coolwallet S security flaw lets hacker steal bitcoin and cryptocurrency easily
Folks at Kraken Security Labs have discovered a way to empty bitcoin and other crypto funds from the Coolwallet S hardware wallet when connected to its Android app.
As our team discovered, the Coolwallet cryptocurrency wallet logs PINs, pairing passwords, and hardware seeds in plaintext to your phone, so an attacker does not even need access to your actual hardware wallet.
Once someone has it, they can enter it into any wallet and steal your funds.
If you’re a user, you can take these steps to protect your cryptocurrencies:
1. Update your app to the newest version
2. Generate seeds on your CoolWallet crypto hardware wallet
3. Turn on options like App Lock and display destination addresses
4. Never carry or store your CoolWallet with its paired phone
Kraken team provided the full details of this attack to the CoolWallet S team on January 2nd 2020.
In response, they have released fixes to prevent the app from disclosing the seed, pairing password and App Lock PIN.
Full details can be found here. All credit goes to Kraken security labs for finding and notifying Coolwallet so that they could patch it quickly. Once the patch is applied to your Coolwallet hardware wallet, your funds are safe.