- A Trezor wallet containing $2 million in lost funds has been recovered by a hacker.
- Joe Grand used a fault injection attack to access the RAM.
- Trezor noted in a tweet that the technique cannot be used to access funds on newer devices.
The Trezor One hardware wallet containing more than $2 million worth of lost funds has been accessed by a computer engineer who also happens to be a hardware hacker. Joe Grand, the Portland hacker whose online alias is “Kingpin”, explained in a YouTube video the steps he used to access the lost funds.
The lost funds belong to New York City (NYC) investor Dan Reich and his friend, who discovered that they could not remember the access PIN to the hardware wallet containing Theta valued at $50,000 in 2018. Since the wallet allows a maximum of 16 PIN attempts, they stopped at the 12th attempt to ensure that the funds in the wallet would not be wiped out after the final attempt.
With the bullish run of most crypto last year, they discovered that the tokens were now worth $2 million. They had to make the hard decision to contact Joe, since that is the only option left once the seed phrase or PIN is lost. Joe was able to access the funds after spending 3 months on trial and error.
Joe was optimistic about accessing the funds since he had discovered that a failed hack would only erase the information held in random access memory (RAM). This is because a firmware update moved both the seed phrase and PIN to RAM, and back to flash after it was successfully installed. Reich's version copied them to RAM instead of moving them.
Joe explained that he was able to obtain the PIN needed to get to the funds by using a fault injection attack, which alters the security of the microchip in the hardware so that the RAM can be read.
“We are basically causing misbehavior on the silicon chip inside the device in order to defeat security. And what ended up happening is that I was sitting here watching the computer screen and saw that I was able to defeat the security, the private information, the recovery seed, and the pin that I was going after popped up on the screen.”
Trezor noted in a tweet that this is only possible on older versions of the hardware, since it has been fixed in newer devices.