A new bug called “Zenbleed” affecting specific AMD CPUs has been found that can potentially leak info, such as keys attached to crypto wallets.
AMD Zenbleed May Be Exploited To Leak Crypto Wallet Keys
As reported by the computer-focused news website Tom’s Hardware, a new vulnerability related to AMD CPUs has been discovered that can compromise sensitive info such as passwords and encryption keys.
This bug was independently found by Travis Ormandy, a Google Information Security researcher, who has now made public a documentation of this vulnerability.
The Zenbleed exploit works on all products that use AMD’s “Zen 2” architecture. Tom’s Hardware notes that even the AMD EPYC processors in data centers aren’t free from this vulnerability.
With this bug, a malicious hacker can potentially get locked information through the CPU and be able to access the user’s login credentials. Naturally, this also means that the keys of a crypto wallet, if installed on the same hardware, may no longer be safe.
This vulnerability is so powerful that the attacker doesn’t require physical access to the PC or server; it can be executed through javascript on a webpage, like that inside an ad.
AMD has released a new security advisory about Zenbleed that breaks down when the different patches may be released for its various products. According to this information, the consumer CPUs from the Ryzen 3000 and 4000 series, and some from the 5000 line, will not get appropriate fixes until November and December of this year. This would suggest that these home-computer processors might not be protected until the end of the year.
“AMD’s processors used in the PS5, Xbox Series X, and S, and Steam Deck are all also powered by Zen 2 chips, but it remains unclear if those are impacted,” explains Tom’s Hardware.
Which Digital Asset Wallets Would Be Affected?
Any crypto wallets the user would directly install on their PC could be vulnerable to this exploit. However, keys stored on dedicated devices like hardware wallets should be safe.
Encryption keys stored on locked-down computers (that is, those disconnected from the internet) should also be unaffected by the vulnerability.
Recently, there has been a push towards self-custody in the crypto sector, as investors have slowly become aware of the risks related to centralized platforms after established players such as FTX have gone down during the past year.
However, Bugs like these showcase that although self-custodial wallets may be safer than keeping coins on centralized platforms, some types are less safer than others. For example, the hot wallets that need to be connected to the internet can potentially fall prey to such vulnerabilities.
At the time of writing, Bitcoin is trading around $29,300, down 2% in the last week.
Looks like the crypto has plunged recently | Source: BTCUSD on TradingView
Featured image from Mariia Shalabaieva on Unsplash.com, chart from TradingView.com