As per our responsible disclosure policy, CoolBitX would like to share with our users that we have discovered a potential vulnerability in the encrypted Bluetooth protocol used by the CoolWallet S under very specific conditions.
We have just published a new CoolBitX Crypto app version and CoolWallet S firmware update that resolves the issue. While there’s no need for alarm, we do strongly recommend that you install both updates as soon as possible to maintain optimal security on your devices.
How can this vulnerability be exploited?
We’d like to thank KK8 for alerting us to this issue, which could potentially be used on non-upgraded CoolWallets if these 3 very specific conditions are met:
- If a user uses the basic wallet creation and wallet recovery functions through an outdated app version.
- If a malicious actor is physically within 30 meters of you and your CoolWallet at that time.
- If the bad actor has prepared a second CoolWallet to intercept private information.
What you should do next
To offer you the best security, we strongly recommend that you update your CoolBitX Crypto app and CoolWallet S firmware to these latest versions:
- CoolBitX Crypto App: update to version 2.9.1
- CoolWallet S firmware: update to 106
Until you do, we urge you to follow these 2 recommended methods to stay 100% resistant to possible exploits like the one described above:
- Only use your physical CoolWallet S card, not the app, to generate a new wallet and recovery seed.
- Use the Advanced Recovery procedure by card to restore your wallet if needed.
Please avoid creating a wallet and using basic seed recovery measures through our app until you’ve updated. These are longtime
How to update your CoolWallet and App (RECOMMENDED)
As you hopefully already know, earlier in 2020 we completely revamped the structure of the security protocol. Unfortunately, this required a slightly tricky wallet reset to make the switch successful.
If you haven’t previously done this reset, here’s what to do.
To update your app to version 2.9.100 and firmware to version 106, please follow the steps below to complete this specific firmware update:
- Make sure you have your backed up recovery seed (it should be 12 to 24 number sets written down on a paper card that came with your CoolWallet S). DO NOT proceed without this recovery seed!
- Remove (uninstall) the CoolBitX Crypto App on your phone.
- Go to the Bluetooth settings page on your phone and remove the CoolWallet S (CWSXXXXXX) device.
- Reinstall the latest CoolBitX Crypto App from the App Store.
- Open the App, select the matching CoolWallet S serial number, and click Reset.
- Once the reset has been completed, select the matching CoolWallet S serial number and click Connect.
- Select Recover and enter your backed up seeds to retrieve your wallet data.
- Update the firmware again.
- You’re up to date!
- *Please charge the wallet during the firmware update. Should you require any further assistance, please contact us!
However, if users have previously updated their firmware to 105, then a reset is not required. They only need to update the firmware and the app this time.
Why is this needed?
With Bitcoin’s price skyrocketing, more and more bad actors are drawn to the crypto industry, targeting both private and custodial wallets (such as those on exchanges) with phishing malware and more sophisticated attacks.
The CoolWallet S was designed to offer superior security and convenience to users. Due to its mobility and ease of use, you can use it pretty much in any environment.
Therefore, it is really important to always install the latest updates and consider your immediate physical surroundings when interacting with sensitive data on it, just as you would do with your phone or other online devices.
If you follow these simple guidelines, a hardware wallet with sophisticated cold storage features like the CoolWallet S is still your safest bet!
Please read on to learn more about this vulnerability and how you can best secure your crypto funds for the long haul.
How can this Bluetooth vulnerability potentially be exploited?
Bluetooth is by design a communication protocol that broadcasts information to other electronic devices. This means that under very specific circumstances, bad actors in the same physical vicinity can potentially retrieve wallet creation data through other Bluetooth devices when the data is transferred via Bluetooth.
While the CoolWallet’s data is protected with military-grade AES-256 encryption that protects it from exposure to other devices and keeps essential data offline at all times, it’s possible under very specific conditions to send the encrypted data to another prepped CoolWallet within 30 meters and run the same command with the same payload again.
As a result, a malicious actor in close proximity can take the data retrieved from the Bluetooth protocol while it is being transported to the first CoolWallet and re-execute the commands with the same payloads on the second CoolWallet.
This allows the attacker to replay the basic wallet recovery process and the creation of a new wallet through the mobile app as the payload contains the private key generated with the seed phrases by the app.
Again, it’s important to note that the hacker has to physically be within 30 meters or less (the maximum Bluetooth Low Energy range) of you and your CoolWallet, and that the payload is ONLY revealed to another prepared CoolWallet during our basic wallet creation or recovery process, which normally takes only a few minutes to conduct.
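The replay condition described above, as an added example that is not CoolBitX code and does not model the CoolWallet protocol or its fix: a receiver that accepts any message valid under a shared key also accepts a captured copy, while binding each message to a one-time nonce issued by the receiving card rejects it. Assumptions: HMAC-SHA256 stands in for the AES-256 protected channel, both cards hold the same constructed key, and the class, command and payload names are hypothetical.

```python
import hashlib
import hmac
import os

KEY = bytes(32)  # constructed demo key shared by app and cards (assumption)

def seal(key, command, payload, nonce=b""):
    """App side: authenticate command|payload, optionally bound to a card nonce."""
    body = command + b"|" + payload
    return body, hmac.new(key, nonce + body, hashlib.sha256).digest()

class StaticCard:
    """Hypothetical receiver with no freshness check: a valid tag is enough."""
    def __init__(self, key):
        self.key = key

    def execute(self, body, tag):
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

class FreshCard:
    """Hypothetical receiver that issues a single-use nonce per command."""
    def __init__(self, key):
        self.key, self.nonce = key, None

    def challenge(self):
        self.nonce = os.urandom(16)  # fixed length, so nonce + body is unambiguous
        return self.nonce

    def execute(self, body, tag):
        if self.nonce is None:  # no outstanding challenge: nothing to verify against
            return False
        nonce, self.nonce = self.nonce, None  # consume the nonce before verifying
        expected = hmac.new(self.key, nonce + body, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def replay_outcomes():
    payload = b"<constructed-secret-payload>"  # placeholder, not real wallet data
    # No freshness: the captured message works on the first and the second card.
    first, second = StaticCard(KEY), StaticCard(KEY)
    msg = seal(KEY, b"CMD_RECOVER", payload)
    static = (first.execute(*msg), second.execute(*msg))
    # Freshness: the message is bound to the nonce the first card issued.
    first, second = FreshCard(KEY), FreshCard(KEY)
    msg = seal(KEY, b"CMD_RECOVER", payload, first.challenge())
    second.challenge()  # the second card issues its own, different nonce
    fresh = (first.execute(*msg), second.execute(*msg), first.execute(*msg))
    return static, fresh
```

`replay_outcomes()` returns the acceptance results for the original delivery and each replay, first without and then with the nonce binding.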
Any other affected CoolWallet use cases and features to know about?
We can answer this with a clear “No”.
Once the wallet creation process has been completed, the private key will be immutably stored and ensconced in the CoolWallet S without any interfaces to retrieve it. In other words, your private key will never leave your CoolWallet again.
Apart from the wallet creation and basic recovery process, the attacker will not be able to replay the same commands with the same payloads — meaning hackers will not receive the same output with an additional CoolWallet.
And of course, our new update will close this potential issue for good.
How can CoolWallet S users protect themselves from bad actors?
As the first Bluetooth-enabled hardware wallet ever (2016), we feel we’re the most experienced and skilled in securing the Bluetooth protocol for wallet users. We need your help though to ensure end-to-end protection.
The solution is very simple. Just follow these 5 recommended safety precautions:
1) Trusted environment
Ensure you are in a safe and private environment when setting up your CoolWallet, such as your home or away from other people. The CoolWallet S fits discreetly in your wallet and cannot be used without your phone being in close vicinity and multi-level circumvention of its biometric security protocols.
2) Keep it offline and on paper
We strongly recommend you always set up or restore your wallet through the actual CoolWallet S card, not our app. Sure, it takes a few minutes longer, but the additional security upside far outweighs the inconvenience.
3) Keep the app up-to-date
Please ensure that you always update to our latest app version soon after receiving a release notification.
4) Official store updates only
Only update from the official iOS and Google Play stores to avoid any possible phishing, which has affected other wallet providers.
5) Advanced features, advanced security
We’ll say it again: For optimal safety, conduct your wallet recovery process using the “Advanced Recovery” method and “Create a New Wallet” with seed phrases generated by the physical CoolWallet S card to ensure optimal user security and experience. These two methods can completely (yes, 100%!) negate the vulnerability mentioned above.
We will release an update to our CoolBitX Crypto app in the next few days that will fix the potential security flaw. We thank the CoolWallet community for your support and please do get in touch with us if you have any further concerns.
However, with the value of cryptocurrencies like Bitcoin increasing to new levels, hardware wallets like the CoolWallet S will continue to be targeted by both good and bad actors challenging our security protocols. This is normal for the crypto industry, and it helps us to continuously respond, battle-test and improve our product.
The safety of our CoolWallet S users’ funds is our top priority at all times. A cold storage device with a secure element (SE) and additional biometric security measures as employed by the CoolWallet will always be your safest bet to ensure the long-term safety of your funds.
Stay safe and informed!