OneKey’s crypto hardware wallet was hacked. The hack was investigated by cybersecurity start-up Unciphered, which found a lack of encryption between the device’s central processing unit and the secure element where the crypto keys are stored.

The hack was made possible by an attacker inserting code and disassembling the OneKey Mini, bypassing the security pin, and taking the mnemonic phrase.

OneKey engaged in the company’s bug bounty program and worked with Unciphered to patch the vulnerability. The manufacturer claimed that all disclosed vulnerabilities have been or are being fixed and that no one has been affected.

The company also emphasized that these attacks can only be carried out with physical access and not remotely.

OneKey thanked Unciphered for their contribution and paid a bounty for their help in improving security measures.

The article highlights the importance of white hackers and security firms in discovering vulnerabilities and helping manufacturers improve their security measures, as 100% security is unlikely to be achieved by any provider.

Tags