Security company Unciphered compromised the popular hardware wallet OneKey

Unciphered, a cybersecurity startup, has demonstrated a hack of a major hardware crypto wallet built by OneKey, a Hong Kong company with $20 million in funding.

In a YouTube video, Unciphered demonstrated a so-called “man-in-the-middle” attack against the OneKey Mini hardware wallet by exploiting a weakness to extract the mnemonic seed phrase, commonly known as the private key. After being notified, OneKey fixed the issue immediately.

In a hardware wallet, the private keys that give access to crypto assets are held offline and safeguarded by a physical device, making them far less vulnerable to hacking and theft. However, Unciphered was able to circumvent the hardware security features included in the OneKey Mini.

The company said it exploited the absence of encryption between the hardware wallet’s CPU and its secure element, which contains the seed phrase. It used a field-programmable gate array (FPGA) to intercept communications between the processor and the secure element.

OneKey issued a statement acknowledging the vulnerability and announcing that the security fix has been released in an update.

“No one was harmed,” the business said, noting that the hypothetical attack revealed by Unciphered cannot be exploited remotely and requires both a user’s crypto wallet and specific FPGA hardware. OneKey said that it compensated Unciphered for the disclosure.