Hackers received $10K for hacking OneKey hardware crypto wallet

Hackers received $10K for hacking OneKey hardware crypto wallet

Author: Robert Strickland

Hackers received $10K for hacking OneKey hardware crypto wallet
The maker of portable cryptocurrency storage devices has fixed the code and paid hackers a reward for finding the vulnerability

A group of Unciphered hackers cracked a hardware crypto wallet made by OneKey and received a $10,000 reward from the maker of these devices, Fortune reports. The hackers posted a video on YouTube showing how they did it.

 the startup raised about $20 million in a funding round led by Dragonfly, Ribbit Capital and Coinbase Ventures.

Unciphered's hacks tricked the device into believing it was still in the factory, the publication reported. In this way, Unciphered managed to force the device to reveal the wallet's seed phrase (password).

OneKey founder Ishi Wang confirmed the device hack and said the company had already released an update to fix the vulnerability. OneKey paid "white-hat hackers" (the name given to hackers who find bugs and report them to developers) $10,000 in "bounties" - rewards for programmers who find vulnerabilities and report them.

Eric Michaud, founder of Unciphered, said that the owner of a hardware wallet usually has a lot of digital assets and is especially often targeted by criminals. Michaud noted that cryptocurrencies have become a particularly attractive place for thieves.

He also pointed out that hardware wallets can give a false sense of security, making owners think that hackers can't hack them. This is especially true for older devices whose manufacturers no longer operate or whose owners don't update them.

When crypto-assets are hacked and stolen, the reward for "white-collar" hackers is usually about 10% of the amount they steal. Last August, for example, the Nomad blockchain bridge offered hackers who stole $190 million worth of cryptocurrency to keep $19 million worth of tokens.

At the same time, many cryptocurrency companies set in advance the "bounty" amount they are willing to pay to users who discovered vulnerabilities. For example, the maximum reward for the error detection, specified by the Arbitrum protocol team, is $2 million. But in August last year the "white" hacker under the nickname Riptide got only 400 ETH (about $531 thousand at that moment) from developers after the detection of critical error in the code. Riptide was not satisfied with the amount of fee and said that such "underpayment" can encourage the "white" hackers to switch to the "black".


Other news

Investing: Five altcoins with the highest growth potential
Reuters: Animoca Brands has lowered fundraising for Web3 to $800 million
Tether estimates first-quarter 2023 earnings at $700 million
U.S. prosecutors indicted Terraform Labs founder on eight counts
Bitcoin mining difficulty increased by 70% in a year
The hype over Arbitrum's airdrop brought down the project's website