Trezor Wallet Has Been Hacked By Engineer

Trezor CEO Trezor App

A hardware hacker and computer engineer has revealed how he managed to crack the hardware wallet of Trezor One- which contained $2 million. Joe Grand- who has been based in Portland and who also goes by his hacker alias Kingpin- went on to upload a video on YouTube where he explained how he pulled off the ingenious hack. 

Trezor Wallet Hacked By Ethical Hacker

After he decided to cash out on an authentic investment of around $50,000 in Theta in 2018, Dan Reich, an entrepreneur based in NYC, and his friend, realized that they had lost the security PIN to the tokens of the wallet of Trezor One that their money was stored on. After unsuccessfully trying to guess the PIN 12 different times, they decided to stop before the wallet would automatically wipe itself clean after 16 incorrect guesses.

But with their investment moving through to $2 million in 2022, they tried redoubling their efforts to access those funds. And that only way left was through hacking. 

They reached out to Joe Grand, who spent around 12 weeks of trial and error but eventually found out a way that would help them recover the PIN that they had lost on the Trezor One wallet.

The key to this hack was that during an update on the firmware, the wallets would temporarily move the PIN and key into the RAM, only to later move them back to flash once they found the firmware to be installed. Grand also found that in several different versions, the firmware installed on the wallet of Reich was not moved by copied to the RAM. 

According to a recent tweet from Trezor, this vulnerability that allows most of the people to read from the RAM of the wallet is quite old and has already been fixed on most of the new devices. But unless drastic changes are introduced to the microcontroller, the fault injection attacks will still be posing a threat