ESP32 Chip Flaw Puts Crypto Wallets at Risk as Hackers Exploit Vulnerability to Steal Bitcoin Keys

Security researchers have uncovered a serious vulnerability in the widely used ESP32 chip, which is manufactured in China and embedded in billions of IoT devices, including many popular cryptocurrency wallets.

Cybersecurity experts at Crypto Deep Tech identified the flaw and officially registered it as CVE-2025-27840 in March. The exploit allows attackers to bypass cryptographic protections, forge digital signatures, and extract private keys—all without notifying the user.

ESP32 Chip Flaw Undermines Core Cryptographic Security

The vulnerability directly affects cryptographic operations within hardware wallets. It stems from critical design issues, such as a weak pseudo-random number generator (PRNG) that makes private keys predictable and the failure to reject invalid keys, including values less than or equal to zero.
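The range check described above as missing, shown as an added example; it is not code from the article, the researchers, or any wallet firmware. It assumes secp256k1 private keys held as 32-byte big-endian unsigned values, so the non-positive case reduces to zero, and it also rejects values at or above the group order n, which goes beyond the text. `privkey_is_valid`, `privkey_generate`, `rng_fill_fn` and `demo_fill` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Order n of the secp256k1 group, big-endian. */
static const uint8_t SECP256K1_N[32] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
    0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
};

/* Returns 1 only when 1 <= key < n. The loop always visits all 32 bytes. */
int privkey_is_valid(const uint8_t key[32]) {
    uint8_t any_bit = 0;
    int borrow = 0;
    for (int i = 31; i >= 0; i--) {        /* least significant byte first */
        uint16_t diff = (uint16_t)(key[i] - SECP256K1_N[i] - borrow);
        borrow = (diff >> 8) & 1;          /* 1 when this byte subtraction underflowed */
        any_bit |= key[i];
    }
    return borrow & (any_bit != 0);        /* key < n and key != 0 */
}

/* Hypothetical RNG hook (assumption): fills buf from a CSPRNG, returns 0 on success. */
typedef int (*rng_fill_fn)(uint8_t *buf, size_t len);

/* Rejection sampling: redraw until the candidate is in range. 0 = ok, -1 = failure. */
int privkey_generate(rng_fill_fn fill, uint8_t out[32]) {
    for (int attempt = 0; attempt < 8; attempt++) {
        if (fill(out, 32) != 0) break;
        if (privkey_is_valid(out)) return 0;
    }
    memset(out, 0, 32);                    /* never hand back a rejected candidate */
    return -1;
}

/* Constructed stand-in for a faulty RNG: first draw all zeros, later draws 0x2A bytes. */
static int demo_calls;
int demo_fill(uint8_t *buf, size_t len) {
    memset(buf, demo_calls++ == 0 ? 0x00 : 0x2A, len);
    return 0;
}

int main(void) {
    uint8_t key[32];
    int rc = privkey_generate(demo_fill, key);
    printf("rc=%d draws=%d first_byte=0x%02X\n", rc, demo_calls, key[0]);
    return rc != 0;
}
```

The range check only filters out-of-range scalars; it does nothing for a predictable generator, so the hook still has to be backed by a cryptographically secure source.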

🚨 BREAKING: A newly revealed ESP32 Chip Flaw enables attackers to steal private keys from Bitcoin wallets, putting billions in digital assets at risk.
via @coinwaft, April 16, 2025

These flaws have a major impact on wallets like Blockstream Jade. In particular, the chip’s built-in Bluetooth and Wi-Fi capabilities widen the attack surface. Attackers can spoof MAC addresses, manipulate memory, and inject malicious code to compromise wallet security.

In a controlled simulation, researchers successfully extracted the private key from a wallet containing 10 BTC, without triggering any alerts.

One of the most concerning aspects is the vulnerability in the electrum_sig_hash function, which is used in Electrum-based wallets. By crafting messages with non-standard formatting, attackers can generate forged ECDSA signatures that appear legitimate.

Moreover, the chip supports message prefixing, enabling attackers to encode Bitcoin addresses before applying double SHA256 hashing. This approach effectively bypasses standard protections and facilitates forgery.

Given the chip’s integration into billions of devices, this vulnerability presents a significant risk, not only to crypto users but also to the global IoT ecosystem.

Impact Extends Beyond Crypto Wallets

Beyond cryptocurrency, the chip is also present in smart home devices, industrial systems, and routers. As a result, experts warn that attackers could exploit this flaw for large-scale cyberattacks, including state-sponsored operations and supply chain compromises.

“This isn’t just a Bitcoin issue. It affects the security of all connected devices,” researchers emphasized.

Even wallets that incorporate additional protections are not entirely safe. For example, a March 13 audit by Ledger revealed that Trezor’s Safe 3 and Safe 5 models are vulnerable to supply chain attacks. Both devices rely on general-purpose microcontrollers to perform cryptographic tasks.

Although these wallets include secure elements, essential functions like transaction signing are still executed on components that can be compromised during manufacturing or shipping.

Ledger CTO Charles Guillemet warned that, despite the use of EAL6+ certified secure elements, attackers can target the microcontroller layer if they intercept devices before delivery.

Ultimately, these findings emphasize the broader risks posed by chip-level vulnerabilities, which threaten not only digital asset protection but also the security of smart infrastructure worldwide.

Growing Industry-Wide Concern Over Hardware Flaws

Concerns about hardware-level security are mounting across the tech industry.

In March 2024, researchers discovered a side-channel vulnerability in Apple’s M-series processors. This flaw allowed attackers to extract encryption keys through microarchitectural weaknesses, creating a permanent exposure that software updates cannot fix.

Meanwhile, even browser-based wallets are under scrutiny. On April 14, a developer filed a lawsuit against Phantom Technologies, alleging that its Solana-based wallet stored unencrypted private keys in browser memory.

This vulnerability led to the theft of over $500,000 in cryptocurrency across just three wallets, highlighting that even modern platforms remain vulnerable to foundational security issues.
