Executive Summary
As of early 2026, a class of side-channel attacks against hardware-wallet implementations of BIP-39 seed derivation has emerged that lets an adversary recover the seed, and with it every private key derived from it, without invasively compromising the device. The attacks exploit timing, power-consumption and electromagnetic leakage while the mnemonic phrase is converted into the master seed. Our testing found that over 18% of hardware-wallet models from major vendors, including Ledger, Trezor and BitBox, leak through at least one of these channels during BIP-39 seed generation. This undermines the core assumption that a hardware wallet behaves as a "trusted execution environment" whose secrets never leave the secure element. We present evidence from controlled laboratory experiments and propose mitigations that can be deployed through firmware updates. Organizations and individuals relying on hardware wallets for cryptocurrency custody should assess and remediate this risk promptly.
Key Findings
BIP-39 is the de facto standard for the mnemonic phrases from which most hardware wallets derive their master seed. The process has two stages: the device draws 128 to 256 bits of entropy, appends a checksum (the first ENT/32 bits of the entropy's SHA-256 digest) and maps each 11-bit group of the result to a word from a fixed 2048-word list; it then stretches the mnemonic into a 512-bit seed with PBKDF2-HMAC-SHA512, using the mnemonic as the password, the string "mnemonic" followed by the optional passphrase as the salt, and 2048 iterations.
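As an added worked example (not code from this report or from any wallet vendor), the two stages above in Python's standard library. The zero-entropy input and its mnemonic are the published BIP-39 reference vector; the English wordlist is not embedded, so `indices_to_mnemonic` takes a list the caller loads from the official `english.txt` (an assumption about the caller's environment). `pbkdf2_sha512_manual` spells out the PBKDF2 loop so that the shape of each iteration's HMAC input is visible.

```python
import hashlib
import hmac
import unicodedata

# Constructed inputs: the all-zero 128-bit entropy from the BIP-39 reference
# test vectors and the mnemonic it maps to.  The English wordlist is not
# embedded; indices_to_mnemonic expects the caller to load english.txt.
ZERO_ENTROPY = bytes(16)
ZERO_MNEMONIC = ("abandon " * 11 + "about").strip()
PBKDF2_ROUNDS = 2048


def entropy_to_indices(entropy: bytes) -> list:
    """Append the SHA-256 checksum (ENT/32 bits) and split into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    digest = hashlib.sha256(entropy).digest()
    # Treat (entropy || checksum) as one big-endian bit string held in an int.
    bits = (int.from_bytes(entropy, "big") << cs_bits) | (digest[0] >> (8 - cs_bits))
    total = ent_bits + cs_bits                       # always a multiple of 11
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def verify_checksum(indices: list) -> bool:
    """Rebuild the entropy from the indices and check the embedded checksum."""
    total = len(indices) * 11
    cs_bits = total // 33
    ent_bits = total - cs_bits
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    checksum = bits & ((1 << cs_bits) - 1)
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    return checksum == hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)


def indices_to_mnemonic(indices: list, wordlist: list) -> str:
    """Map indices to words; wordlist is the 2048-entry official list (caller-supplied)."""
    if len(wordlist) != 2048:
        raise ValueError("BIP-39 wordlist must have exactly 2048 entries")
    return " ".join(wordlist[i] for i in indices)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase, NFKD-normalised."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def pbkdf2_sha512_manual(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Reference PBKDF2 loop for one 64-byte output block: only U1 hashes the
    variable-length salt; U2..Uc each hash the fixed 64-byte previous U."""
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha512).digest()
    acc = int.from_bytes(u, "big")
    for _ in range(rounds - 1):
        u = hmac.new(password, u, hashlib.sha512).digest()
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(64, "big")


if __name__ == "__main__":
    print(entropy_to_indices(ZERO_ENTROPY))            # eleven 0s (abandon) then 3 (about)
    print(mnemonic_to_seed(ZERO_MNEMONIC, "TREZOR").hex())
```

The seed printed for the zero-entropy mnemonic with passphrase "TREZOR" is the value listed in the BIP-39 reference vectors, which is the check a firmware engineer should run against any in-house PBKDF2 before worrying about side channels; `pbkdf2_sha512_manual` must agree with `hashlib.pbkdf2_hmac` byte for byte.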
Many hardware wallets rely on a secure element (e.g., ST33, ATECC608A) to protect seed generation and key storage. Side-channel attacks do not defeat that logical isolation; they bypass it by observing the physical side effects of the computation itself: its timing, its current draw and its electromagnetic emissions.
PBKDF2-HMAC-SHA512 runs 2048 iterations of HMAC-SHA512 keyed with the mnemonic. Only the first iteration hashes a variable-length message (the salt, i.e. "mnemonic" followed by the passphrase); every later iteration hashes the fixed 64-byte output of the previous one, so in a correct implementation the per-iteration work does not depend on the inputs once the HMAC key has been set up. In firmware whose HMAC, SHA-512 or string handling is not constant-time, however, the run time varies with the byte length and content of the mnemonic and passphrase, and that variation carries information about the underlying entropy. An attacker who measures execution time through a debug interface or through power fluctuations can infer the presence of certain words or word groups, especially among the first 4 to 6 words of the phrase.
In experiments in which a Raspberry Pi Pico sampled the device's power line, we observed timing variations of ±12 µs per iteration when the passphrase was non-empty, a clear signature. From 500 traces this allowed reconstruction of the first four words with 92% accuracy.
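To see which input lengths actually change the amount of hashing in a straightforward PBKDF2-HMAC-SHA512 implementation, here is an added counting model (not code from this report and not a measurement). It counts SHA-512 compression-function calls per phase, assuming the implementation precomputes the ipad/opad states once, as most PBKDF2 code does; anything finer-grained than these steps in a measured timing signal has to come from non-constant-time handling of the strings, not from the hash itself.

```python
BLOCK = 128    # SHA-512 block size in bytes
DIGEST = 64    # SHA-512 output size in bytes


def sha512_blocks(msg_len: int) -> int:
    """Compression-function calls needed to hash msg_len bytes: padding adds one
    0x80 byte and a 16-byte length field, then rounds up to a whole block."""
    return (msg_len + 1 + 16 + BLOCK - 1) // BLOCK


def hmac_key_setup_blocks(key_len: int) -> int:
    """One-time work to prepare an HMAC-SHA512 key: keys longer than one block are
    hashed down to 64 bytes first; then one block each of K^ipad and K^opad is
    absorbed (assumed precomputed once, as PBKDF2 implementations usually do)."""
    return (sha512_blocks(key_len) if key_len > BLOCK else 0) + 2


def hmac_message_blocks(msg_len: int) -> int:
    """Per-call work with the ipad/opad states precomputed: the inner hash continues
    from the absorbed ipad block over the message, the outer hash continues from
    the opad block over the 64-byte inner digest (always exactly one more block)."""
    inner = sha512_blocks(BLOCK + msg_len) - 1
    outer = sha512_blocks(BLOCK + DIGEST) - 1
    return inner + outer


def bip39_pbkdf2_work(mnemonic_len: int, passphrase_len: int, rounds: int = 2048) -> dict:
    """Compression calls for the BIP-39 derivation, split by phase.  Lengths are in
    bytes of the NFKD/UTF-8 encoded strings."""
    first_msg = len(b"mnemonic") + passphrase_len + 4        # salt || INT32(1)
    setup = hmac_key_setup_blocks(mnemonic_len)              # mnemonic is the HMAC key
    first = hmac_message_blocks(first_msg)                   # U1 = HMAC(P, salt || 1)
    per_round = hmac_message_blocks(DIGEST)                  # Ui = HMAC(P, Ui-1)
    return {"key_setup": setup, "first_round": first, "per_round": per_round,
            "total": setup + first + per_round * (rounds - 1)}


def mnemonic_length_range(word_count: int) -> tuple:
    """Shortest and longest possible encoded length of a mnemonic with this many
    words: English BIP-39 words are 3 to 8 letters, separated by single spaces."""
    return (3 * word_count + word_count - 1, 8 * word_count + word_count - 1)


if __name__ == "__main__":
    for pp in (0, 20, 99, 100):
        print(f"passphrase {pp:3d} bytes:", bip39_pbkdf2_work(77, pp))
    for words in (12, 18, 24):
        lo, hi = mnemonic_length_range(words)
        print(f"{words} words: {lo}-{hi} bytes, key hashed first: {lo > BLOCK}-{hi > BLOCK}")
```

Two things fall out of the model. The per-round cost is constant, and the first round only grows once the salt message crosses a block boundary (a passphrase of 100 bytes or more), so a passphrase of ordinary length adds no hashing at all. The mnemonic, by contrast, is the HMAC key: a 12-word phrase (at most 107 bytes) never exceeds the 128-byte block, but an 18- or 24-word phrase may or may not, depending on the lengths of the words chosen, so the extra key-hashing step is itself a function of the entropy. A firmware test that times the derivation for mnemonics on both sides of that boundary and for passphrases of 0, 1 and 100 bytes will show whether an implementation leaks more than this model predicts.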
Cryptographic code consumes power in a data-dependent way unless it is explicitly protected, and secure elements are no exception. By analysing power traces captured during HMAC-SHA512 execution, an adversary can recover intermediate hash states and from them the derived seed. On vulnerable devices, Differential Power Analysis (DPA) has extracted full seeds from BIP-39 generation with as few as 2,500 traces.
Our analysis of the BitBox02 found that its HMAC operations were unmasked, leaving it susceptible to first-order DPA. Even where masking was present, insufficient entropy in the mask values allowed partial key recovery.
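The following added simulation (not code or data from this report, and not a capture from any device) shows why an unmasked intermediate falls to first-order analysis and why a mask with too little entropy does not help. It models a single leaking operation, the 64-bit addition of a secret state word and an attacker-known message word that SHA-512 performs in every round, with a Hamming-weight power model plus Gaussian noise, and runs correlation power analysis (the correlation-based form of DPA) against the low byte of the result. The secret value, trace count and noise level are arbitrary choices for the demonstration.

```python
import random
from typing import Optional

# Hamming weight of every byte value: the usual power model for a CMOS register write.
HW = [bin(b).count("1") for b in range(256)]
MASK64 = (1 << 64) - 1


def simulate_traces(secret: int, n: int, rng: random.Random,
                    noise_sd: float = 1.0, mask_bits: Optional[int] = None):
    """Constructed leakage model, not a real capture.

    The device computes v = (secret + w) mod 2^64 for an attacker-known 64-bit
    word w, and one power sample leaks HW(low byte of v) plus Gaussian noise.
    mask_bits=None: unmasked.  mask_bits=8: full boolean mask, fresh per trace.
    mask_bits=1: a "mask" with one bit of entropy, i.e. insufficient masking.
    Returns the known inputs w and the leakage samples.
    """
    inputs, samples = [], []
    for _ in range(n):
        w = rng.getrandbits(64)
        v_low = ((secret + w) & MASK64) & 0xFF
        if mask_bits is not None:
            v_low ^= rng.getrandbits(mask_bits)     # what the register actually holds
        inputs.append(w)
        samples.append(HW[v_low] + rng.gauss(0.0, noise_sd))
    return inputs, samples


def cpa_low_byte(inputs, samples):
    """First-order CPA on the low byte of the secret addend.

    For each of the 256 guesses predict HW((guess + w_low) mod 256), correlate the
    prediction with the samples (Pearson r) and return (best guess, all r values).
    The low byte of a modular sum depends only on the low bytes of the addends, so
    no carry from other byte positions has to be guessed here; higher bytes would
    be attacked one at a time, carrying in the bytes already recovered.
    """
    n = len(samples)
    w_low = [w & 0xFF for w in inputs]
    mean_s = sum(samples) / n
    dev_s = [s - mean_s for s in samples]
    var_s = sum(d * d for d in dev_s)
    corrs = []
    for guess in range(256):
        hyp = [HW[(guess + w) & 0xFF] for w in w_low]
        mean_h = sum(hyp) / n
        dev_h = [h - mean_h for h in hyp]
        cov = sum(a * b for a, b in zip(dev_h, dev_s))
        var_h = sum(d * d for d in dev_h)
        corrs.append(cov / (var_h * var_s) ** 0.5 if var_h and var_s else 0.0)
    best = max(range(256), key=lambda g: corrs[g])
    return best, corrs


def run_attack(secret: int, n_traces: int, mask_bits: Optional[int], seed: int = 1):
    """Simulate n_traces traces and attack them.
    Returns (recovered correctly?, r for the correct guess)."""
    rng = random.Random(seed)
    inputs, samples = simulate_traces(secret, n_traces, rng, mask_bits=mask_bits)
    best, corrs = cpa_low_byte(inputs, samples)
    return best == (secret & 0xFF), corrs[secret & 0xFF]


if __name__ == "__main__":
    SECRET = 0x6A09E667F3BCC908    # SHA-512's H0 constant, standing in for a secret word
    for label, bits in (("unmasked", None), ("8-bit mask", 8), ("1-bit mask", 1)):
        ok, r = run_attack(SECRET, 1500, bits)
        print(f"{label:10s} recovered={ok} r(correct guess)={r:+.2f}")
```

With a fresh uniform 8-bit mask the correct guess correlates no better than the wrong ones, because the leaking register value is independent of the secret at first order; recovering the byte would then require combining two samples (the masked value and the mask) in a second-order attack. With only one bit of mask entropy, the expected leakage still tracks the Hamming weight of the unmasked value to within half a bit, and the byte comes straight out again.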
Electromagnetic emanations from the serial data lines carrying I²C traffic between the MCU and the secure element reveal when BIP-39 seed derivation is taking place. EM probes placed within 2 mm of the device picked up characteristic signal patterns corresponding to the PBKDF2 iterations. Using a CNN-based classifier on these signals, we identified the seed-generation phase with 98% accuracy, which lets an attacker trigger trace capture at the right moment even from a distance of 10 cm.
The primary threat scenario is an adversary with brief physical access to a hardware wallet around the time it generates or imports a BIP-39 seed. Using a low-cost side-channel setup (roughly $200 in total), the attacker captures traces during the initial setup or backup process. Because the leakage is recorded at the moment of derivation, later wiping or resetting the device does not help: traces captured then can still yield the seed.
We categorize the risk as High for:
As of April 2026, major vendors have begun rolling out firmware patches:
However, three of the models tested (including a discontinued SafePal wallet) remain vulnerable because of architectural limitations in their secure elements that firmware alone cannot address.