Security Company Unciphered Attacks Crypto Hardware Wallet OneKey
Key Points:
- Unciphered, a cybersecurity company, revealed how to hack a well-known hardware cryptocurrency wallet made by OneKey.
- In a YouTube video, Unciphered demonstrated what is known as a “man-in-the-middle” attack on the wallet in which it was successful in obtaining the private key, also known as the mnemonic seed phrase, from the OneKey Mini hardware wallet by taking advantage of a flaw.
- OneKey quickly rectified the issue after being notified.
Cybersecurity startup Unciphered demonstrated a hack of a notable hardware crypto wallet manufactured by OneKey, a Hong Kong-based firm that raised $20 million last year.
Unciphered showed what’s called a “man-in-the-middle” hack of the wallet in a YouTube video where it was able to extract the mnemonic seed phrase, also known as the private key, from the OneKey Mini hardware wallet by exploiting a vulnerability.
The company said it used a field programmable gate array to intercept communications between the processor and the secure element, which contains the hardware wallet’s seed phrase, in order to take advantage of the absence of encryption between them.
“The FPGA is a high speed processor also known as a field programmable gate array, allowing us to iterate through different algorithms, bypass the wallet’s security and extract the mnemonics,” Unciphered said.
OneKey promptly patched the vulnerability after being contacted. The company stressed that a hypothetical assault, as shown by Unciphered, cannot be exploited remotely and would require both the crypto wallet of a user and specialized FPGA equipment, saying that no one was affected.
Recent attacks involving private keys are still ongoing. OracleSwap, a DEX protocol on the Songbird Network that allows users to earn interest for delegating their Flare and Songbird tokens, has been suspended due to compromised private keys.
On January 29, the FTSO provider revealed that the process of making its code open source had resulted in the compromise of its private keys. Delegates on OracleSwap have been asked by Flaremetrics to withdraw access and switch to different FTSO operators.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News