Popular Hardware Crypto Wallet OneKey Hacked by Security Firm, Proving Critical Vulnerability

A cybersecurity firm has hacked a popular cryptocurrency wallet, demonstrating to its developers that it contains critical flaws.

Unciphered, a cybersecurity firm, reveals to its YouTube audience in a new video update how they were able to breach the defenses of crypto wallet OneKey and notify its developers of the exploit.

“This is how the hack operates. The CPU and the secure element are both present. Your crypto keys are stored in the secure element. Normally, communications between the CPU, where the processing occurs, and the secure element are encrypted.

It turns out that it wasn’t designed to do so in this space. We discovered this. So you put a tool in the middle that monitors and intercepts communications before injecting [its] own commands.

We did that so that the secure element knows it’s in factory mode and we can take your mnemonics, which is your money in crypto, out. So we enrolled OneKey in their bug bounty program and got them to patch it.”

According to the cybersecurity experts, OneKey was relieved that the exploit was discovered because bad actors could have used it to steal customer funds.

“Things like this are a critical vulnerability. It’s terrible. OneKey was relieved that we brought this to their attention, and that we did so before a malicious actor discovered it and stole people’s crypto.”

Bookmark (0)

Related Posts

Terraform Labs Co-Founder Daniel Shin Appears in Court for Interrogation

Terraform Labs co-founder Shin Hyun-Seong (Daniel Shin) was interrogated in court on March 30.
Shin was asked such questions as whether he had ever contacted colleagues abroad.
Co-founder Do Kwon was recently arrested, much to the joy of the victims of the Terra crash.

Bookmark (0)

Bitcoin Taps $29,000—Why BTC May Never Revisit Its Previous Lows

Bitcoin markets remain resilient amid U.S. war on crypto.
Halving narrative continues to strengthen.
BTC tapped a nine month high of $29,000.

Bookmark (0)

Jake Paul-endorsed SafeMoon gets hacked after introducing a bug in upgrade

A public burn function introduced in the latest upgrade allegedly allows users to burn tokens from other addresses.

Bookmark (0)

XRP price tags 10-month high — Can a 35% pullback be avoided?

A U.S. regulator called Bitcoin, Ether and Litecoin commodities in its court filing against Binance; it did not mention XRP anywhere.

Bookmark (0)

Did the SEC Target Spicer Jeffries for Being Crypto-Friendly?

SEC settles with Denver-based auditing firm.
Spicer Jeffries has ties with crypto firms and executives.
Gary Gensler requested a bigger budged to tackle crypto ‘misconduct.’

Bookmark (0)

Price analysis 3/29: BTC, ETH, BNB, XRP, ADA, DOGE, MATIC, SOL, DOT, LTC

Bitcoin and select altcoins are close to breaking out of their overhead resistance levels, indicating that bulls remain in control of the crypto market.

Bookmark (0)

Leave a Reply

Your email address will not be published. Required fields are marked *