According to cybersecurity researchers, a newly discovered vulnerability in a widely used Chinese microcontroller puts billions of devices and the Bitcoin stored on these devices at serious risk.
Risky Chip Used in Many Bitcoin and Crypto Cold Wallets
Officially cataloged as CVE-2025-27840, the vulnerability affects the ESP32 chip, a popular microcontroller found in a number of Internet of Things (IoT) devices, including hardware wallets used to store Bitcoin. Security experts warn that this bug could allow hackers to remotely steal private keys or forge BTC transaction signatures, gaining unauthorized access to users’ funds.
The ESP32 chip is manufactured by the Chinese company Espressif Systems and is used in devices such as the Blockstream Jade wallet, which relies on the chip to generate cryptographic signatures for Bitcoin transactions. However, the researchers found that the chip’s random number generator lacked enough entropy and was therefore vulnerable to brute force attacks that could reveal private keys.
The cybersecurity firm Crypto Deep Tech demonstrated how this vulnerability can be exploited in the real world. The white hat hacker team managed to crack the private key of an active Bitcoin wallet holding 10 BTC, showcasing the practical seriousness of the issue.
Beyond the random number generator flaw, the chip’s update mechanism is also vulnerable. Hackers can use module updates to sign unauthorized transactions or inject malicious code, turning the chip into a secret access point for digital theft.
With billions of ESP32 chips embedded in devices around the world, the scale of the threat is quite significant for individuals and companies relying on self-custody solutions, especially for digital assets.
Crypto Deep Tech and other researchers are currently working under responsible disclosure protocols, warning wallet manufacturers and developers and calling for urgent measures to be taken. However, experts warn that the path to securing the affected infrastructure will be complex and lengthy, as defective chips have already been implanted in a large number of devices.
For now, it is recommended that users of hardware wallets containing ESP32 chips stay alert for firmware updates and follow the guidance of wallet providers as security patches are developed.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
