OneKey says it's fixed the flaw that got its hardware wallet hacked in 1 second

Published at: Feb. 13, 2023

Crypto hardware wallet provider OneKey says it has already addressed a vulnerability in its firmware that allowed one of its hardware wallets to be hacked in one second flat.

On Feb. 10, a video on YouTube posted by cybersecurity startup Unciphered showed they had figured out a way to exploit a "Massive critical vulnerability" in order o "crack open" a OneKey Mini.

According to Eric Michaud, a partner at Unciphered, by disassembling the device and inserting coding, it was possible to return the OneKey Mini to “factory mode” and bypass the security pin, allowing a potential attacker to remove the mnemonic phrase used to recover a wallet. 

"You have the CPU and the secure element. The secure element is where you keep your crypto keys. Now, normally, the communications are encrypted between the CPU, where the processing is done, and the secure element," Michaud explained.

"Well it turns out it wasn't engineered to do so in this case. So what you could do is put a tool in the middle that monitors the communications and intercepts them and then injects their own commands," he said, adding:

"We did that where it then tells the secure element it's in factory mode and we can take your mnemonics out, which is your money in crypto."

However, in a Feb. 10 statement, OneKey said it had already addressed the security flaw identified by Unciphered, noting that its hardware team had updated the security patch "earlier this year" without "anyone being affected," and that "All disclosed vulnerabilities have been or are being fixed."

Our Response to Recent Security Fix Reports https://t.co/Dp9nNp1D0U

— OneKey Open Source Wallet (@OneKeyHQ) February 10, 2023

"That said, with password phrases and basic security practices, even physical attacks disclosed by Unciphered will not affect OneKey users." 

The company further highlighted that while the vulnerability was concerning, the attack vector identified by Unciphered can't be achieved remotely and requires "disassembly of the device and physical access through a dedicated FPGA device in the lab to be possible to execute."

According to OneKey, during correspondence with Unciphered, it was disclosed that other wallets have been found to have similar issues.

"We also paid Unciphered bounties to thank them for their contributions to OneKey's security," OneKey said.

Related: ‘Haunts me to this day’ — Crypto project hacked for $4M in a hotel lobby

In its blog post, OneKey has said it's already gone to great pains to ensure the security of its users, including protecting them from supply chain attacks — when a hacker replaces a genuine wallet with one controlled by them, a particular area of focus.

OneKey’s measures have included tamper-proof packaging for deliveries and the use of supply chain service providers from Apple to ensure stringent supply chain security management.

In the future, they hope to implement onboard authentication and upgrade newer hardware wallets with higher-level security components.

OneKey noted that the main purpose of hardware wallets has always been to protect users' money from malware attacks, computer viruses and other remote dangers, but acknowledged that unfortunately, nothing can be 100% secure. 

"When we look at the entire hardware wallet manufacturing process, from silicon crystals to chip code, from firmware to software, it's safe to say that with enough money, time and resources, any hardware barrier can be breached, even if it's a nuclear weapon control system."

Tags
Related Posts
DeFi attacks are on the rise — Will the industry be able to stem the tide?
The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control. According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols. These figures highlight a dire situation that is likely to persist over the long term if ignored. Why hackers prefer DeFi platforms In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to …
Adoption / May 14, 2022
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022
5 sneaky tricks crypto phishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
Blockchain / Jan. 10, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023
Don’t blame crypto for ransomware
Recently, gas has been a hot topic in the news. In the crypto media, it’s been about Ethereum miner’s fees. In the mainstream media, it’s been about good old-fashioned gasoline, including a short-term lack thereof along the East Coast, thanks to an alleged DarkSide ransomware attack on the Colonial Pipeline system, which provides 45% of the East Coast’s supply of diesel, gasoline and jet fuel. In cases of ransomware, we generally see a typical cycle repeat: Initially, the focus is on the attack, the root cause, the fallout and steps organizations can take to avoid attacks in the future. Then, …
Technology / May 30, 2021