Cybersecurity researchers have disclosed a glaring vulnerability in the KeepKey cryptocurrency hardware wallet that allows physical attackers to steal funds in just 15 minutes.

Kraken Security Labs’ latest blog details a “voltage glitching” attack that extracts the encrypted seed used to access cryptocurrency stored on the device.

An attacker can then brute force the encrypted seed, as it is simply protected by a 1-9 digit PIN, which the firm described as “trivial.”