NYC-based entrepreneur Dan Reich recently gained access to over $2 million worth of crypto left in the Trezor One hardware wallet with the help of noted computer engineer and hardware hacker Joe Grand.
In a recently uploaded YouTube video, a Portland-based hacker known by his pseudonym “Kingpin” gave a comprehensive description of how he breached the wallet to recover “lost” crypto assets. .
how it all started
Earlier in 2018, Dan Reich and his friend decided to spend $50,000 on the newly launched Theta token, which traded around 21 cents at the time.
Initially, they kept the tokens on a Chinese exchange, but later had to move them to the Trezor One hardware wallet due to the growing crackdown on the cryptocurrency by the local government. However, they forgot about the coins.
Reach eventually recalled and decided to sell the Theta tokens. However, his friend had already lost the paper on which he wrote the wallet PIN, so they had to start guessing the 5 digit PIN. At this point, however, they already guessed wrong several times.
After 12 failed attempts, the duo decided to stop guessing as the wallet data would be erased automatically on the 16th wrong attempt.
from $50,000 to $2 million
As the Theta price continued to rise over the years, the value of his “lost” crypto fortune rose to $2 million this year. Inspired by crypto fortunes, Reich and his friends ramp up their efforts to gain access to the funds.
Soon he discovered a financier in Switzerland who claimed he had colleagues in France who could break into a wallet in a laboratory. However, he demanded that in order to do the work, Reich would not go to the lab or learn the names of the people who would have allegedly been sabotaging the wallet.
Yet, despite how crazy the idea seemed, both were willing to take the risk as they got desperate. However, in a sudden turn of events, Reich discovers Joe Grand in America.
hacker saves the day
They immediately reached out to the computer engineer, who agreed to help. Grand bought several identical wallets and installed the same version of the firmware to replicate it to Reich and his friend. He spent 12 weeks on trial and error but eventually found a way to recover the lost PIN.
Grand said he used a fault injection attack, a tactic that modifies the voltage going to the chip, to bypass the security of the wallet’s microcontroller. This prevents hackers from reading the RAM and obtaining the PIN needed to unlock the wallet and funds.
“We are basically abusing the silicon chip inside the device to defeat the security. And it finally happened that I was looking at the computer screen here and I saw security, private information, recovery seeds and pop ups on the screen. After he was able to defeat the pin he was using, the hacker explained.
Reich and his friend took back their $2 million crypto fortune and gave Grand a percentage of their treasure.
Treasure Responds
Meanwhile, soon after the story surfaced, hardware wallet maker Trezor was quick to put users’ minds to rest. noteworthy That the vulnerability that Grand exploited to recover lost crypto has since been identified and fixed.
The company said that not all of its new devices have the vulnerability because they “shipped with a certain bootloader.”
PrimeXBT Special Offer: Use this link and enter code POTATO50 to get 25% off on trading fees.