Feb 04, 2022

$2 million in crypto recovered from hacked Trezor wallet

Crypto News

Three years after it became apparent that Dan Reich couldn’t access his Trezor One hardware wallet, a computer engineer and hacker, Joe Grand, has come to his rescue. 

Trevor one owner loses access to wallet

Reich, an entrepreneur based in New York City, and his friend had in 2018 discovered that their investment in Theta, which was initially worth $50,000, was not accessible to them again because they had lost the security PIN to the Trezor One on which the tokens were stored. 

To recover their investment, they made twelve unsuccessful attempts to guess the security pin. However, after it became apparent that their efforts might yield no positive result and they were on the verge of the 16 incorrect guesses that would lead to an automatic wipe of the account, they paused their efforts. 

Several years later, they discovered that their investment had grown to $2 million. This massive figure inspired them to redouble their efforts to recover the funds. This time around, it was apparent that since they couldn’t access the wallet’s seed phrase or PIN, the only way to retrieve the tokens was through hacking.

How Grand pulled off the hack

This discovery and desire drove them to approach Grand, a well-known hacker, and foremost computer engineer. After a long process that took 12 weeks of tedious trial and error, the relentless hacker discovered a way to recover the lost PIN.

After the successful hack of the account, Kingpin, as the Portland-based hacker is widely known, uploaded a YouTube video explaining how he pulled off the ingenious hack.

According to him, the key to this hack was that during a firmware update, the Trezor One wallets temporarily move the PIN and key to RAM, only to move them later back to flash once the firmware is installed.

Grand found that in the version of firmware installed on Reich’s wallet, this information was not moved but copied to the RAM, which means that if the hack fails and the RAM is erased, the information about the PIN and key would still be stored in a flash.

After using a fault injection attack — a technique that alters the voltage going to the chip — Grand was able to bypass the security the microcontrollers have to prevent hackers from reading the RAM and obtain the PIN needed to access the wallet and the funds.

EverdomeEverdome

CryptoSlate Newsletter

Featuring a summary of the most important daily stories in the world of crypto, DeFi, NFTs and more.

Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis

Price snapshots

More context

Join now for $19/month Explore all benefits

Related Posts

Comments (No)

Leave a Reply

Hide Comments
Advantages of Using Cryptocurrency
The Evolution of Cryptocurrency
How to Trade With The FutureTrade
How Crypto Marketing is Emerging
Astrology NFT project ‘Lucky Star Currency’ rugged for over $1m – Certik
What is going on with Sam Bankman-Fried’s defense?
South Korean UPbit counters 1,800% surge in hacking attempts with AI-driven security measures
Crypto investment products see largest inflows since July — CoinShares
Gods Unchained: The Ultimate Guide
Boost Your Business with These AI Marketing Tools
Best AI Profile Pic Generators in 2023
Shazane Nazaraly’s Inspiring Journey to Launching Ares Corporation
Decentraland Hosts An Ugly Sweater Wearable Competition For Xmas!
Next Earth Introduces LAND Descriptions For Its Metaverse Plots
Degen Toonz & CULT&RAIN Lead the Way in Digital Fashion
Degen Toonz & CULT&RAIN Lead the Way in Digital Fashion