Hacker recovers $2.5 million from “unhackable” hardware wallet

Losing your crypto keys is akin to a sudden punch to the solar plexus, something no crypto holder wants to ever experience. Once a pin has been lost, accessing your crypto wallet is all but impossible. This is what Dan Reich thought until he hired a hardware hacker to crack into his hardware wallet to access $2.5 million that has been sitting untouched for years. 

In 2018, entrepreneur Dan Reich and a friend spent $50,000 in bitcoin to purchase Theta tokens which were worth $0.21 at the time. After misplacing the security pin to a Trezor One hardware wallet, and 12 failed attempts to log in, the pair realised that they had effectively lost all the crypto assets in that wallet. Fast-forward to 2021 when the price of THETA had reached an all-time high and Dan Reich decided to take an unconventional route to recover his crypto. 

A video titled “How I hacked a hardware crypto wallet and recovered $2 million” by hardware hacker Joe Grand describes the journey that Grand took to recover the funds for Reich and his friend. A journey that on this occasion, ended in success.

While the loss of a pin can be devastating, it is by no means uncommon. According to Chainanalysis an estimated 3.7 million Bitcoins ($66.5 billion) are believed to be lost and inaccessible. This can be due to the physical loss of a hardware wallet, a user forgetting their pin, or the destruction of the wallet. 

Reich and his friend decided that they would not give up the $2.5 million in theta that they had previously given up as lost. In contacting Joe Grand they placed their trust in someone that, not only did they not know, but someone who could potentially lose their funds forever. Reich noted in an interview with The Verge “If he screwed something up, there was a good shot that it would never be able to be recovered”.

Fortunately for the owners of this Trezor One hardware wallet, Grand was able to hack into the wallet and recover their funds. The hacker used the experience of a previous hacker who, in 2017 developed a method to hack into a Trezor wallet. Grand exploited a vulnerability in the wallet which placed the wallet into firmware update mode and then install his own code on the device. Normally Trezor One wallets move the PIN and key to the RAM during a firmware update, which once complete the information returns to flash. However, on this occasion the PIN and key appeared in the device’s RAM at later stages which would run the risk of  Grand accidently wiping the RAM before he could read the data. 

On this occasion, Grand was able to perform a physical attack on the device that changes the amount of voltage going into the chip. This enabled him to bypass the wallet’s security protocol to prevent hackers from reading the RAM and finally access the pin and return the Theta tokens to Reich and his friend.

Trezor have been quick to respond to this exploit, noting that this is an outdated security issue that no longer affects new Trezor wallets:

“We just want to add that this is an outdated exploit that is not a concern for current users and that we fixed in 2017 right after a report that we received through our responsible disclosure program,” 

The hacking attempt may have ended successfully for the pair of entrepreneurs, however the likelihood of being able to repeat the magnificent recovery is debatable. Nonetheless, it may provide hope for others who have also lost access to their crypto funds. 

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Source: https://cryptodaily.co.uk/2022/01/hacker-recovers-2-5-million-unhackable-hardware-wallet