The theft of cryptocurrency has become such a commonplace thing these days that the recent ‘wormhole hack’ which saw $325 million stolen from the DeFi bridge, is hardly that shocking anymore. But, as I keep pointing out, while cyber-crooks can use hacking techniques to steal crypto (it’s all data, after all), that doesn’t make all hackers baddies. Far from it. And to helpfully prove my point, you need to look no further than Joe Grand and the case of the locked $2 million Trezor crypto wallet.
Kingpin, aptly, recovers lost crypto wallet PIN
Grand, better known within the hacking community as Kingpin, is a very well-known and very well-respected hardware hacker. In days past, he was a member of the influential L0pht Heavy Industries hacker collective, as well as a presenter of the Prototype This! Discovery Channel television show.
When Dan Reich found himself sitting on more than $2 million of Theta tokens in a locked Trezor One crypto wallet, with a long-forgotten PIN, he turned to Kingpin for help. And help he did.
You can read the full story at The Verge and I’d highly recommend that you do. However, the quick and dirty version is that the master hacker spent three months exploring three identical crypto wallets, with the same firmware installed, trying to find a way in that would work. Work, that is, in a repeatable fashion without rendering the contents lost forever. The method he eventually came up with was based on some 2018 research which, according to The Verge article, described a glitching technique that uses a “fault-injection method” of altering chip voltage to “undermine security protecting the RAM and allow them to read the PIN and key when they were briefly in RAM.”
Hack the Planet and unlock $2 million of lost cryptocurrency
In its raw form, this glitching froze all three wallets and could not be trusted to work with such a large amount resting on success. After all, get it wrong, and that wallet could remain locked forever if the RAM was wiped. This didn’t deter a skilled hacker such as Kingpin, though; he persevered and uncovered a vulnerability that meant the wallet PIN and key were copied to RAM during the wallet power-on phase. The trick, therefore, was to glitch the thing at precisely the right point in the process.
Kingpin coded some software to carry out this procedure, which, it has to be said, was still risky. That software announced ‘Hack the Planet’ after three or more hours of pinpointing the exact moment to strike. When the program was finally let loose on Reich’s wallet for real, it took three and a half tense hours before that message, made famous in the Hackers movie, appeared. But appear it did, and Reich was able to move the $2 million of crypto out of the wallet. Kingpin was, of course, well rewarded for his efforts.
Trezor, for its part, has already fixed that vulnerability.
Source: https://www.forbes.com/sites/daveywinder/2022/02/07/hack-the-planet-how-this-hacker-unlocked-a-2-million-crypto-wallet/