- OneKey is operating its business in 160+ countries, including 5 continents
- The hard wallet specialized company has over 1 Million active users
Amid the wallet hacking row, OneKey recently came up with a statement and suggested that they have disclosed that it has already fixed the flaws in its firmware that allowed one of its hardware wallets to be hacked in one second.
OneKey is a platform for holding and trading crypto assets and NFTs and tracking one’s account dynamics. The easy-to-use wallet has nearly a million users from 166 countries.
Unciphered, a cybersecurity startup posted a video in which they have figured out a mode to exploit a “massive critical vulnerability” that authorizes them to “crack open” a OneKey Mini.
The co-founder of Unciphered, Eric Michaud, said that by dismantling the device and inserting coding it was possible to return the OneKey Mini to “factory mode” and sidestep the security pin authorizing a potential attacker to remove the mnemonic phrase used to retrieve the wallet.
Eric quoted that “You have the CPU and the secure element. The secure element is where you keep your crypto keys. Now, the communications are normally encrypted between the CPU, where the processing is done, and the secure element.”
Eric added, “Well, it turns out it wasn’t engineered to do so in this case. So you could put a tool in the middle that monitors the communications, intercepts them, and then injects its own commands.
Nevertheless, in a Twitter post dated February 10, 2023, OneKey noted that it had already resolved the security flaws figured out by Uniciphered, and the hardware team of OneKey updated the security path earlier this year without affecting anyone.
The blog post of OneKey answered many questions centered on privacy and flaws of their hardware wallet. The company said, “it regularly releases several security patches each year to harden the hardware wallet, keeping progress and transparency in the sun.”
Onekey stated, “No one can write perfect code, and even Apple and Google release numerous security patches each year to ensure the security of their devices.”
It further quoted, “we are thinking about what is best for users and striking a better balance between open source and security,” “While we would like to achieve perfect physical security, we can only theoretically come infinitely close to doing so, not 100 percent.”
The largest digital asset hacks occurred in October, and the second largest occurred in March 2022, with $710 million in stolen funds. Most of which resulted in the exploitation of the Ronin Bridge, amounting to $625 million.
According to PeckShield data, the biggest hack occurred in October 2022 with the BNB chain, causing a loss of about $586 million.
Moola Market lost approximately $9.1 million, but after the investigation and recovery process, the community successfully recovered 93.1% of lost funds, and Attackers kept the remaining amount as a bug bounty.
On October 12, Mango Markets stated that it had experienced a hack because a hacker had influenced an oracle price and swiped liquidity. Almost $100 million has been swiped in the hack.
Source: https://www.thecoinrepublic.com/2023/02/13/no-one-can-write-perfect-code-says-onekey-amid-wallet-hack-row/