OneKey says it’s fixed the flaw that got its hardware wallet hacked in 1 second

Unciphered posted a video showing a “Massive critical vulnerability” in the OneKey Mini. The creators noted it’s been patched and are now working on further securing the wallet.

Crypto hardware wallet provider OneKey says it has already addressed a vulnerability in its firmware that allowed one of its hardware wallets to be hacked in one second flat.

On Feb. 10, a video on YouTube posted by cybersecurity startup Unciphered showed they had figured out a way to exploit a “Massive critical vulnerability” in order to “crack open” a OneKey Mini.

According to Eric Michaud, a partner at Unciphered, by disassembling the device and inserting code, it was possible to return the OneKey Mini to “factory mode” and bypass the security pin, allowing a potential attacker to remove the mnemonic phrase used to recover a wallet.

“You have the CPU and the secure element. The secure element is where you keep your crypto keys. Now, normally, the communications are encrypted between the CPU, where the processing is done, and the secure element,” Michaud explained.

“Well it turns out it wasn’t engineered to do so in this case. So what you could do is put a tool in the middle that monitors the communications and intercepts them and then injects their own commands,” he said, adding:

“We did that where it then tells the secure element it’s in factory mode and we can take your mnemonics out, which is your money in crypto.”
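
What an authenticated link between the CPU and the secure element changes, as an added illustration that is not OneKey's or Unciphered's code: the pairing key, frame layout and opcodes below are hypothetical. It covers command authentication and replay protection only; confidentiality on the bus would additionally need encryption.

```python
import hashlib, hmac, os, struct

TAG_LEN = 16
OP_GET_STATUS = 0x01      # hypothetical opcodes, not taken from any real device
OP_ENTER_FACTORY = 0x7F

def seal(key, counter, opcode, payload=b""):
    """CPU side: frame = counter(4) || opcode(1) || payload || truncated HMAC-SHA256."""
    body = struct.pack(">IB", counter, opcode) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class SecureElement:
    """Model of a secure element that only acts on authenticated, fresh frames."""
    def __init__(self, key):
        self.key, self.last_counter, self.factory_mode = key, 0, False

    def handle(self, frame):
        if len(frame) < 5 + TAG_LEN:
            return "rejected: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "rejected: bad tag"
        counter, opcode = struct.unpack(">IB", body[:5])
        if counter <= self.last_counter:             # recorded frames cannot be replayed
            return "rejected: replay"
        self.last_counter = counter
        if opcode == OP_ENTER_FACTORY:
            self.factory_mode = True
        return "accepted"

def demo():
    key = os.urandom(32)  # assumption: pairing key provisioned into both chips
    se = SecureElement(key)
    genuine = seal(key, 1, OP_GET_STATUS)
    results = [se.handle(genuine)]
    # Constructed frames from a device on the bus that does not hold the key:
    forged = struct.pack(">IB", 2, OP_ENTER_FACTORY) + bytes(TAG_LEN)
    results.append(se.handle(forged))                # injected command
    results.append(se.handle(genuine))               # replayed capture
    tampered = bytearray(seal(key, 2, OP_GET_STATUS))
    tampered[4] = OP_ENTER_FACTORY                   # opcode rewritten in transit
    results.append(se.handle(bytes(tampered)))
    return results, se.factory_mode

if __name__ == "__main__":
    print(demo())
```
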

However, in a Feb. 10 statement, OneKey said it had already addressed the security flaw identified by Unciphered, noting that its hardware team had updated the security patch “earlier this year” without “anyone being affected,” and that “All disclosed vulnerabilities have been or are being fixed.”

“That said, with password phrases and basic security practices, even physical attacks disclosed by Unciphered will not affect OneKey users.” 

The company further highlighted that while the vulnerability was concerning, the attack vector identified by Unciphered can’t be used remotely and requires “disassembly of the device and physical access through a dedicated FPGA device in the lab to be possible to execute.”

According to OneKey, during correspondence with Unciphered, it was disclosed that other wallets have been found to have similar issues.

“We also paid Unciphered bounties to thank them for their contributions to OneKey’s security,” OneKey said.

In its blog post, OneKey has said it’s already gone to great pains to ensure the security of its users, including protecting them from supply chain attacks — when a hacker replaces a genuine wallet with one controlled by them. 

OneKey’s measures have included tamper-proof packaging for deliveries and the use of supply chain service providers from Apple to ensure stringent supply chain security management.

In the future, they hope to implement onboard authentication and upgrade newer hardware wallets with higher-level security components.

OneKey noted that the main purpose of hardware wallets has always been to protect users’ money from malware attacks, computer viruses and other remote dangers, but acknowledged that unfortunately, nothing can be 100% secure. 

“When we look at the entire hardware wallet manufacturing process, from silicon crystals to chip code, from firmware to software, it’s safe to say that with enough money, time and resources, any hardware barrier can be breached, even if it’s a nuclear weapon control system.”
