Key Points:
Unciphered showed what’s called a “man-in-the-middle” hack of the wallet in a YouTube video where it was able to extract the mnemonic seed phrase, also known as the private key, from the OneKey Mini hardware wallet by exploiting a vulnerability.
The company said it used a field programmable gate array to intercept communications between the processor and the secure element, which contains the hardware wallet’s seed phrase, in order to take advantage of the absence of encryption between them.
“The FPGA is a high speed processor also known as a field programmable gate array, allowing us to iterate through different algorithms, bypass the wallet’s security and extract the mnemonics,” Unciphered said.
OneKey promptly patched the vulnerability after being contacted. The company stressed that a hypothetical assault, as shown by Unciphered, cannot be exploited remotely and would require both the crypto wallet of a user and specialized FPGA equipment, saying that no one was affected.
Recent attacks involving private keys are still ongoing. OracleSwap, a DEX protocol on the Songbird Network that allows users to earn interest for delegating their Flare and Songbird tokens, has been suspended due to compromised private keys.
On January 29, the FTSO provider revealed that the process of making its code open source had resulted in the compromise of its private keys. Delegates on OracleSwap have been asked by Flaremetrics to withdraw access and switch to different FTSO operators.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
The Dogecoin price has reached a five-month high, and investors should buy the Ethereum token…
Crypto isn’t just for the tech-savvy anymore; it’s for everyone. As more people jump into…
Wilmington, Delaware, 7th November 2024, Chainwire
Read how Plus Wallet’s top-tier ensures secure, unified digital asset management. Get the latest updates…
Former Alameda CEO Caroline Ellison reported to a Connecticut federal prison on November 7 after…
Degen Rollup Key Issue: Conduit seized Degen’s L3 private key, causing 54 hours of downtime…
This website uses cookies.