Engineer hacks Trezor wallet, recovers $2M in 'lost' crypto

A white-hat hacker cracked a Trezor One hardware wallet, recovering over $2 million, and shared the details in a YouTube video.

1/27/2022 12:30:00 AM

A hack with a happy ending. White hat hacker joegrand has revealed in a YouTube video that he cracked the security of a Trezor One Wallet and recovered millions in 'lost' tokens.


Read more: Cointelegraph »


joegrand Can we get a patch soon Trezor?
joegrand Good for me that I have a ledger 😅
joegrand I'm on BFX because it's the safest exchange that survived hacker attacks
joegrand this is made my day and hopefully yours as well
joegrand if only it worked for at least a week, respect to the author!
joegrand So scary tho...

A computer engineer and hardware hacker has revealed how he managed to crack a Trezor One hardware wallet containing more than $2 million in funds. Joe Grand, who is based in Portland and is also known by his hacker alias, Kingpin, shared a YouTube video explaining how he pulled off the ingenious hack.

After deciding to cash out an original investment of roughly $50,000 in Theta in 2018, Dan Reich, an NYC-based entrepreneur, and his friend realized that they had lost the security PIN to the Trezor One on which the tokens were stored. After unsuccessfully trying to guess the security PIN 12 times, they decided to quit before the wallet automatically wiped itself after 16 incorrect guesses.

But with their investment growing to $2 million this year, they redoubled their efforts to access the funds. Without their wallet's seed phrase or PIN, the only way to retrieve the tokens was through hacking. They reached out to Grand, who spent 12 weeks on trial and error but eventually found a way to recover the lost PIN.

The key to this hack was that during a firmware update, Trezor One wallets temporarily move the PIN and key to RAM, only to later move them back to flash once the firmware is installed. Grand found that in the version of firmware installed on Reich's wallet, this information was not moved but copied to the RAM, which means that if the hack fails and the RAM is erased, the information about the PIN and key would still be stored in flash.

After using a fault injection attack (a technique that alters the voltage going to the chip), Grand was able to bypass the security the microcontrollers have to prevent hackers from reading RAM, and obtained the PIN needed to access the wallet and the funds. Grand explained:

"We are basically causing misbehavior on the silicon chip inside the device in order to defeat security. And what ended up happening is that I was sitting here watching the computer screen and saw that I was able to defeat the security, the private information, the recovery seed, and the pin that I was going after popped up on the screen."

According to a recent tweet from Trezor, this vulnerability, which allows the PIN to be read from the wallet's RAM, is an older one that has already been fixed for newer devices. But unless changes are made to the microcontroller, fault injection attacks can still pose a risk.