The Verge released an interesting article about an electrical engineer and hacker who broke the PIN code of a Trezor hardware wallet holding coins worth around $2 million!
This was all done by Joe Grand. The Trezor device was owned by Dan Reich, who purchased some coins for $50k back in 2018 and then withdrew them from an exchange to the Trezor wallet.
The price of the coins crashed (some of us remember that time), Dan forgot all about the PIN code he used on his Trezor, and his friend lost the paper backup with this information.
Joe Grand, better known by his old hacker handle “Kingpin”, was part of the L0pht hacker collective that testified to the US Senate back in 1998.
He had already helped Mark Frauenfelder recover his coins from a Trezor after he forgot his PIN in 2017, so Dan Reich contacted him and asked him for help.
Trezor made some changes and improvements after this, but they were not enough, as Grand managed to do it again, and you can watch the procedure below on his YouTube channel.
The problem is not only for Trezor but for most hardware wallets and devices that use STM32 microcontrollers, and most wallets are using them.
They are used in billions of devices around the world, not only in hardware wallets, and it's scary when you think about it: even without flaws, some agencies could add a backdoor for spying inside these chips.
Trezor already fixed the issue in the latest firmware versions, and wallets no longer copy or move the key and PIN into RAM but into a protected part of flash that is not affected by firmware upgrades.
Make sure to watch the video below. It does look a bit scripted, but it is interesting to watch and a fun way to spend 30 minutes.
Conclusion:
- Always make multiple backups of your wallet.
- Use Trezor ONLY with a passphrase, but back that up also.
Joe Grand video: How I hacked a hardware crypto wallet and recovered $2 million
https://www.youtube.com/watch?v=dT9y-KQbqi4
Full Article:
https://www.theverge.com/2022/1/24/22898712/crypto-hardware-wallet-hacking-lost-bitcoin-ethereum-nft