There is a hacker - "Kingpin" revealed his success in hacking Trezor One wallet which has savings of over $ 2 million.
The individual or his real name, Joe Grand who is from Portland recounted the incident starting in 2018.
At the time, there was an entrepreneur from New York, Dan Reich who decided to withdraw a number of original investments worth about $ 50,000 from the Theta network.
It was then that Reich and his friends realized they had lost the security PIN of the Trezor One device that housed the token.
They entered the PIN with 12 attempts, until they finally gave up not to continue because the wallet would be locked forever after 16 failed entry attempts.
Their investment hit $ 2 million this year and the only way to get that profit is through wallet hacking.
Reich and his friend called Grand. It is understood that the hacker took 12 weeks to hack the wallet before finding a way out.
Here's how:
During a firmware update, the Trezor One wallet typically transfers its PIN and key into RAM.
After the update is complete, the PIN and key are returned to the device.
Grand found that the updated version this time did not transfer such information but only copied it for storage in RAM.
This means, if the hacking fails and RAM deletes the information, it is still there stored in the device.
Grand practiced fault injection and successfully bypassed protective restrictions to obtain PINs to access wallets and assets.
However, this hacking can be performed on earlier version devices that have already been refined with higher security.
If this device company introduces new changes to its product, it may be more difficult for its security to be breached by hackers.
