The Unciphered hacker group hacked into a hardware crypto wallet made by OneKey and received a reward of $10,000 from the manufacturer of these devices. The hackers posted a video on YouTube showing how they did it, RBC Crypto reports.
Hong Kong-based cryptocurrency storage device maker OneKey bills its product as “an open source wallet trusted by millions.” Last September, the startup raised about $20 million in a funding round led by Dragonfly, Ribbit Capital and Coinbase Ventures.
Unciphered’s crackers tricked the device into believing it was still in the factory. This allowed Unciphered to force the device to reveal the wallet's seed phrase (password). Exploiting the vulnerability required physical access to the device and a high degree of technical expertise.
OneKey founder Ishi Wang confirmed the device had been hacked and said the company had already released an update to fix the vulnerability. OneKey paid the “white hat” hackers (hackers who find bugs and report them to developers) $10,000 in the form of a “bounty”, a reward for programmers who find vulnerabilities and report them.
Unciphered founder Eric Michaud said that the owner of a hardware wallet usually holds a large amount of digital assets and is especially often targeted by criminals. Michaud noted that crypto conferences have become a particularly attractive place for thieves.
He also pointed out that hardware wallets can give a false sense of security, making owners think that hackers will not be able to break into them. This is especially true for older devices whose manufacturers no longer operate, or whose owners do not update them.
When crypto assets are hacked and stolen, the reward to “white” hackers is usually about 10% of the amount of funds stolen by them. For example, in August last year, the Nomad blockchain bridge offered to let the hackers who stole $190 million worth of cryptocurrency keep $19 million worth of tokens.
At the same time, many crypto companies set in advance the amount of “bounty” that they are willing to pay to users who discover vulnerabilities. For example, the maximum reward for finding a bug set by the Arbitrum protocol team is $2 million. But in August last year, a “white hat” hacker known by the nickname Riptide received only 400 ETH from the developers (about $531 thousand at that time) after discovering a critical error in the code. Riptide was dissatisfied with the amount and said that such an “underpayment” could push “white” hackers to move into the ranks of “black” ones.
Source: bitcoinlinux.com


