A cybersecurity firm has hacked a popular crypto wallet, proving to its developers that it has critical vulnerabilities.
In a new video update, cybersecurity firm Unciphered reveals to its YouTube audience how they were able to crack the defenses of crypto wallet OneKey and inform its developers of the exploit.
“Here’s how the hack works. You have the CPU and the secure element. The secure element is where you keep your crypto keys. Now, normally, the communications are encrypted between the CPU, where the processing is done, and the secure element.
Well it turns out it wasn’t engineered to do so in this space. We figured that out. So what you do is put a tool in the middle that monitors the communications and intercepts them and then injects [its] own commands.
We did that where it then tells the secure element it’s in factory mode and we can take your mnemonics out, which is your money in crypto. So what we’ve done is engage OneKey in their bug bounty program and we got them to patch it.”
According to the cybersecurity experts, OneKey was thankful the exploit was brought to their attention as bad actors could have used it to steal customer funds.
“Something like this is a critical vulnerability. It’s really bad. OneKey was relieved we brought this to their attention, and that we did this before a nefarious actor found this and would steal people’s crypto.”
