OneKey, a leading crypto hardware wallet provider, was recently hacked by cybersecurity startup Unciphered. The hack was achieved in just one second, according to Unciphered.
The wallet manufacturer has since claimed that the vulnerability that allowed the breach has been fixed.
In a video posted on their YouTube channel, Unciphered explained the hack and how it worked. The hack was made possible due to a lack of encryption between the device’s central processing unit and the secure element, where crypto keys are stored.
An attacker could insert code, disassemble the OneKey Mini, return the device to ‘factory mode’, bypass the security pin, and take the mnemonic phrase.
The team at Unciphered engaged OneKey’s bug bounty program and worked with the manufacturer to patch the vulnerability.
OneKey has issued a statement saying that all disclosed vulnerabilities have been or are being fixed and that no one has been affected. The wallet provider also stressed that these attacks cannot be carried out remotely and would require physical access.
OneKey has claimed that other wallet providers have similar issues, but that they were the fastest to solve them. The manufacturer thanked Unciphered for their contributions to OneKey’s security by paying a bounty.
In conclusion, while OneKey strives for 100% security, it is unlikely to be achieved by any provider. White hackers and security firms play a crucial role in discovering vulnerabilities and helping manufacturers improve their security measures.