In a video published this Thursday afternoon (9), cybersecurity firm Unciphered shows how it hacked into a physical cryptocurrency wallet “in less than a second”.
The wallet in question is a OneKey Mini, a $58 (R$300, in direct conversion) device that claims to be “open source and trusted by millions” of people.
The process used by Unciphered is very similar to Joe Grand’s work in hacking into a Trezor hardware wallet after its owner lost its PIN, locking BRL10 million worth of cryptocurrencies inside it. The big difference, however, was the time each of the two hacks took.
Hardware wallet hacked in less than 1 second
In general, hardware wallets are considered the safest option for storing cryptocurrencies. The main reason is their controlled environment, i.e. they are well protected against malware and other vulnerabilities found in computers.
However, the team at Unciphered managed to break the security of one of these wallets in a time that was considered absurd.
“Today, OneKey is one of the largest manufacturers of hardware wallets and we found a way to hack this wallet in an instant.”
The specialist then states that this is a “critical vulnerability” but points out that OneKey itself has already expressed interest in working with them to fix the bug.
Unciphered then goes into the hack itself and shows how it connected the wallet to an FPGA, disrupted communication, and then had the device communicate with a notebook computer.
“Bam! We get the mnemonic [phrase] and bypassed the OneKey PIN in less than a second.”
With the mnemonic – i.e. the set of 12 words – in hand, the hacker then has access to all cryptocurrencies that were stored in the wallet. Since this was a security experiment, obviously no cryptocurrency was stolen, but it does worry users.
In-person hacks are starting to worry the community
As seen above, the hacker must be in possession of the hardware wallet to carry out such an attack. That is, even if such a wallet has this vulnerability, it would be impossible to exploit it in any other way.
Considering that face-to-face hacks are becoming a new trend, caution is advised.
As an example, this Wednesday (8), Live Coins reported the case of an entrepreneur who lost BRL 20 million in cryptocurrencies after an encounter with scammers in a hotel. In this particular case, it was not a hardware wallet, but a conventional wallet.
Thus, regardless of the method used to store cryptocurrencies, the human factor is still a major vulnerability.
Examples of this kind keep coming. Last year, Ronin developers fell for a bogus job posting on LinkedIn, causing the cryptocurrency to fall victim to one of the largest hacks in history, worth R$3 billion.
Finally, OneKey, manufacturer of the hardware wallet hacked by Unciphered, had not released any comment about the security flaw in its equipment by the time this report was closed.
Source: Live Coins
Barry Siefert is an accomplished journalist and author at The Nation View. He is known for his expertise in the field of cryptocurrency, and has written extensively on the topic. With a background in finance and economics, Barry has a deep understanding of the underlying technology and market forces that drive the crypto industry.