Hackers received $10K for hacking OneKey hardware crypto wallet
The maker of portable cryptocurrency storage devices has fixed the code and paid hackers a reward for finding the vulnerability
A group of Unciphered hackers cracked a hardware crypto wallet made by OneKey and received a $10,000 reward from the maker of these devices, Fortune reports. The hackers posted a video on YouTube showing how they did it.
the startup raised about $20 million in a funding round led by Dragonfly, Ribbit Capital and Coinbase Ventures.
Unciphered's hacks tricked the device into believing it was still in the factory, the publication reported. In this way, Unciphered managed to force the device to reveal the wallet's seed phrase (password).
OneKey founder Ishi Wang confirmed the device hack and said the company had already released an update to fix the vulnerability. OneKey paid "white-hat hackers" (the name given to hackers who find bugs and report them to developers) $10,000 in "bounties" - rewards for programmers who find vulnerabilities and report them.
Eric Michaud, founder of Unciphered, said that the owner of a hardware wallet usually has a lot of digital assets and is especially often targeted by criminals. Michaud noted that cryptocurrencies have become a particularly attractive place for thieves.
He also pointed out that hardware wallets can give a false sense of security, making owners think that hackers can't hack them. This is especially true for older devices whose manufacturers no longer operate or whose owners don't update them.
When crypto-assets are hacked and stolen, the reward for "white-collar" hackers is usually about 10% of the amount they steal. Last August, for example, the Nomad blockchain bridge offered hackers who stole $190 million worth of cryptocurrency to keep $19 million worth of tokens.
At the same time, many cryptocurrency companies set in advance the "bounty" amount they are willing to pay to users who discovered vulnerabilities. For example, the maximum reward for the error detection, specified by the Arbitrum protocol team, is $2 million. But in August last year the "white" hacker under the nickname Riptide got only 400 ETH (about $531 thousand at that moment) from developers after the detection of critical error in the code. Riptide was not satisfied with the amount of fee and said that such "underpayment" can encourage the "white" hackers to switch to the "black".
- "On Assault." Experts predicted bitcoin exchange rate movements
- UK will give up to 2 years for illegal crypto-advertising
- Visa conducted a trial launch of payments in stablecoins in the SWIFT system
- Dubai bans anonymous cryptocurrency issuance and transactions
- The owner of the second-largest network of crypto machines filed for bankruptcy
- Cryptoservice LocalBitcoins announced its closure
- Dubai bans anonymous cryptocurrency issuance and transactions
- Kraken exchange shut down stacking in the U.S. and will pay a $30 million fine there
