Security Research Team Identifies and Patches Potential Vulnerability

Nopsax Security Research Team

ALTON, IL — Nopsax, a leading provider of hardware security solutions for cryptocurrency key management, today announced that its internal security research team has identified and proactively addressed a theoretical vulnerability in the firmware of certain hardware wallet models. The vulnerability, which had not been exploited in the wild, has been fully patched in the latest firmware update available to all users.

This discovery and resolution highlight Nopsax's commitment to continuous security research and transparency in addressing potential vulnerabilities before they can impact users' assets.

Discovery Through Internal Research

The potential vulnerability was discovered during routine security analysis conducted by Nopsax's dedicated research team as part of the company's ongoing security assurance program. The program systematically examines all aspects of the company's products to identify and address potential security issues before they can be exploited.

"Our security research team operates with a 'friendly adversary' mindset, constantly testing our own products to stay ahead of potential threats," explained Dr. Martin Santos, Head of Security Research at Nopsax. "This discovery demonstrates the effectiveness of our proactive approach to security assurance."

Nature of the Vulnerability

The identified vulnerability affected a specific component of the firmware in Nopsax Nano X and Vault models manufactured between January and March 2025. Under very specific conditions, the vulnerability could potentially allow a sophisticated attacker with physical access to the device and specialized equipment to extract limited cryptographic information during the device initialization process.

It's important to emphasize several key points about this vulnerability:

  • The vulnerability required physical possession of the device
  • It could only be exploited during the initial setup process before any cryptocurrency accounts were created
  • Successful exploitation would require specialized equipment and technical expertise
  • There is no evidence that this vulnerability was ever discovered or exploited by malicious actors
  • Devices with PIN protection and existing cryptocurrency accounts were not affected

"While the practical risk to users was extremely low, we take every potential security issue seriously, no matter how theoretical," said Dr. Santos. "Our commitment to security means addressing even edge cases that might never be encountered in real-world usage."

Comprehensive Response

Upon discovering the vulnerability, Nopsax implemented a comprehensive response plan:

  1. Immediate Engineering Response: The security and engineering teams worked to develop a firmware patch that completely eliminates the vulnerability.
  2. Verification and Testing: The patch underwent rigorous testing to ensure it fully addressed the issue without introducing new vulnerabilities or affecting device performance.
  3. Firmware Update Release: The security update has been incorporated into firmware version 2.3.5, which is now available for all affected devices.
  4. User Notification: While no user action is required for devices that have already been initialized with accounts, Nopsax is notifying all users through multiple channels about the availability of the update.
  5. Transparent Disclosure: Following responsible security disclosure principles, Nopsax is publishing technical details of the vulnerability now that a patch is widely available.

"Our response to this discovery reflects our security-first philosophy," said Jennifer Andrews, Chief Security Officer at Nopsax. "We've designed our products with multiple layers of protection specifically to ensure that even if one security measure is compromised, others remain in place to protect user assets."

Firmware Update Instructions

All Nopsax Nano X and Vault users are encouraged to update to the latest firmware version through the Nopsax Manager application. The update process is straightforward and preserves all existing accounts and settings. Detailed instructions are available on the Nopsax support website.

For users who have not yet initialized their devices, the update is particularly important and should be completed before setting up the device for the first time.

Commitment to Security Research

This discovery underscores the value of Nopsax's significant investment in internal security research capabilities. The company employs a team of security researchers with backgrounds in cryptography, hardware security, and offensive security testing.

"Our security research program is a cornerstone of our product development process," noted Andrews. "By maintaining an in-house team dedicated to finding vulnerabilities in our own products, we can identify and address potential issues before they affect our users."

Nopsax also maintains an active bug bounty program that rewards external security researchers for responsibly disclosing potential vulnerabilities, creating multiple layers of security review for all products.

For technical details about the vulnerability and patch, security researchers can refer to the detailed advisory published on the Nopsax security research blog.

About Nopsax

Nopsax is a leading provider of hardware security solutions for cryptocurrency key management. Founded in 2017 by a team of cybersecurity experts and blockchain enthusiasts, the company has established itself as a trusted name in digital asset security. Nopsax serves clients in over 150 countries, with offices in the United States, Switzerland, and Singapore.
