To answer @MatheyBTC's question: yes, a BIP39 passphrase substantially reduces the risk from this specific attack — here's why.
What the attack does
The voltage glitch bypasses the PIN check on the microcontroller, potentially allowing an attacker to extract the raw seed (mnemonic) stored on the device. Once they have the 12/24 words, they can derive your keys offline.
Why passphrase helps
The BIP39 passphrase is never stored on the device. It is combined with the mnemonic mathematically during key derivation (PBKDF2-HMAC-SHA512). So even if an attacker successfully dumps your seed words, they cannot derive your actual private keys without also knowing your passphrase.
This is the "25th word" defense: the seed is rendered useless without the passphrase.
Caveats
The passphrase must be strong — a weak or common word can be brute-forced if the attacker knows your on-chain addresses to verify against
Do not store the passphrase alongside the seed backup (defeats the purpose)
If the passphrase is entered via the device itself and an attacker has glitched into firmware-level control, there's a theoretical risk the passphrase keystrokes could be captured — though this is a more sophisticated attack than what the thesis describes
Bottom line: physical attacks on hardware wallets assume "evil maid" scenarios. A strong passphrase + standard operational security (don't leave device unattended with adversaries) is the right mitigation layer.
To answer @MatheyBTC's question: yes, a BIP39 passphrase substantially reduces the risk from this specific attack — here's why.
What the attack does
The voltage glitch bypasses the PIN check on the microcontroller, potentially allowing an attacker to extract the raw seed (mnemonic) stored on the device. Once they have the 12/24 words, they can derive your keys offline.
Why passphrase helps
The BIP39 passphrase is never stored on the device. It is combined with the mnemonic mathematically during key derivation (PBKDF2-HMAC-SHA512). So even if an attacker successfully dumps your seed words, they cannot derive your actual private keys without also knowing your passphrase.
This is the "25th word" defense: the seed is rendered useless without the passphrase.
Caveats
Bottom line: physical attacks on hardware wallets assume "evil maid" scenarios. A strong passphrase + standard operational security (don't leave device unattended with adversaries) is the right mitigation layer.