Three years after finding Dan Reich unable to access his Trezor One hardware wallet, computer engineer and hacker Joe Grand came to his rescue.

Reich, a New York City-based entrepreneur, and his friend discovered in 2018 that their investment in Theta, initially valued at $50,000, could not be accessed again because they had lost the security PIN for Trezor One, which was used to store the tokens. was stored.

In order to recoup their investment, they made twelve unsuccessful attempts to guess the cryptocurrency. However, after it became clear that their efforts might not yield positive results and that they were on the verge of 16 false guesses, which would result in an automatic account wipe, they paused their efforts.

A few years later, they found that their investment had grown to $2 million. This huge number inspired them to redouble their efforts to recover the funds. This time, it was clear that since they had no access to the wallet's booster or PIN, the only way to retrieve the tokens was through hacking.

This discovery and desire drove them to approach Grand, the famous hacker and foremost computer engineer. After 12 long weeks of tedious trial and error, the ruthless hacker found a way to recover the lost PIN.

After successfully hacking into the account, Kingpin, a hacker widely known in Portland, uploaded a YouTube video explaining how he managed to crack the clever hack.

According to him, the key to the hack was that during the firmware update, the Trezor One wallet temporarily moved the PINs and keys to RAM, only to move them back to flash memory after the firmware was installed.

Grand discovered that in the version of the firmware installed on the Reich wallet, this information was not moved but copied to RAM, meaning that if the hack failed and the RAM was erased, the information about the PIN and key would still be stored in a flash.

After using a fault injection attack, a technique that alters the voltage of the chip, Grand was able to bypass the security measures that the microcontroller must take to prevent hackers from reading the RAM and obtaining the PIN codes needed to access the wallet and money.

CryptoSlate Newsletter

Summarizes the most important daily stories in cryptocurrency, DeFi, NFT, and more.

Source Link

External