A cybersecurity firm has hacked a popular cryptocurrency wallet, demonstrating to its developers that it contains critical flaws.
Unciphered, a cybersecurity firm, reveals to its YouTube audience in a new video update how they were able to breach the defenses of crypto wallet OneKey and notify its developers of the exploit.
“This is how the hack operates. The CPU and the secure element are both present. Your crypto keys are stored in the secure element. Normally, communications between the CPU, where the processing occurs, and the secure element are encrypted.
It turns out that it wasn’t designed to do so in this space. We discovered this. So you put a tool in the middle that monitors and intercepts communications before injecting [its] own commands.
We did that so that the secure element knows it’s in factory mode and we can take your mnemonics, which is your money in crypto, out. So we enrolled OneKey in their bug bounty program and got them to patch it.”
According to the cybersecurity experts, OneKey was relieved that the exploit was discovered because bad actors could have used it to steal customer funds.
“Things like this are a critical vulnerability. It’s terrible. OneKey was relieved that we brought this to their attention, and that we did so before a malicious actor discovered it and stole people’s crypto.”