Joe Grand, known as “Kingpin,” managed to hack a Trezor hardware wallet owned by businessman Dan Reich, who hired him to recover the roughly $2 million in THETA it contained.
On his YouTube channel, engineer and hacker Joe Grand, better known as “Kingpin,” explained how he hacked the Trezor hardware wallet of American businessman Dan Reich, who had forgotten the wallet's 5-digit access PIN.
Although there are many stories of people who have unfortunately lost access to their cryptocurrency wallets for various reasons, the story of Dan Reich, who invested $50,000 in THETA with a friend in 2018, has a happy ending. Thanks to Joe Grand's years-long career as a hacker, his considerable skill, and a vulnerability since fixed on Trezor devices, the American businessman regained access to his funds, which had appreciated more than 4,000% since his initial investment.
In total, the THETA deposited in the Trezor hardware wallet was worth about $2 million at the time of recovery, as Grand told The Verge.
How did the story begin?
Reich and his friend had deposited THETA in a Trezor hardware wallet in order to keep custody of it and not lose access. Ironically, they both forgot the wallet's 5-digit PIN, so they could not reach their funds when the price began to rise in 2020. Although THETA's appreciation was already considerable at that time, the two friends gave up because they could not remember the access code.
However, in 2021 THETA gave them a big surprise, when its value began to grow exponentially until it reached an all-time high of $15.2 per unit last April. The cryptocurrency's bullish momentum renewed Reich's and his friend's interest in regaining access to the wallet, which sent them on a long search. Several hardware experts refused to help them until they found Joe Grand, who lives in Portland, United States.
Three months of trial and error
To access the hardware wallet, Grand relied on research that Saleem Rashid, a 15-year-old hacker, had conducted in 2017, explaining a vulnerability present in Trezor devices that allowed access to funds without using the PIN. Grand says that, based on this research, he thought it would be a “piece of cake” to access the funds stored in Reich's Trezor wallet.
In his research, Rashid discovered that, during a firmware update, a Trezor wallet kept a copy of the PIN and key in RAM when powered on. This was the flaw that would allow Grand to reach the THETA stored in Reich's wallet. However, Trezor hardware wallets are configured with a high level of readout protection (RDP2) on their microcontroller, which prevented Grand from reading the RAM where the access key was held.
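As an added illustration of the bug class described above (an example written for this article, not Trezor's firmware or Rashid's code): a secret that is copied into RAM for a check and never wiped stays readable until power-off, whereas wiping it the moment it is no longer needed limits what any later RAM readout can recover. The `device_ram` struct, the function names, the constant-time comparison and the sample PIN are all constructed for the example and are not part of any real device's memory layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIN_LEN 5

/* Stand-in for a region of device RAM that keeps its contents until the next
 * power cycle (constructed for this example; not a real Trezor memory map). */
struct device_ram {
    uint8_t scratch[PIN_LEN];
};

/* Wipe through a volatile pointer so the compiler cannot drop the stores as
 * "dead" writes to memory that is never read again, which is the usual fate
 * of a plain memset on a buffer that is about to go out of scope. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Compare without an early exit so timing does not reveal how many leading
 * digits matched (an added hardening, not something the article discusses). */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Vulnerable pattern: the PIN is copied into RAM for the check and left there.
 * Anyone who can later read that RAM recovers the PIN.
 * Returns 1 on a match, 0 otherwise. */
int verify_pin_leaky(struct device_ram *ram, const uint8_t stored[PIN_LEN],
                     const uint8_t entered[PIN_LEN]) {
    memcpy(ram->scratch, stored, PIN_LEN);
    return ct_equal(ram->scratch, entered, PIN_LEN);
}

/* Hardened pattern: same check, but the copy is wiped as soon as the result
 * is known, so a later RAM readout finds only zeros. */
int verify_pin_hardened(struct device_ram *ram, const uint8_t stored[PIN_LEN],
                        const uint8_t entered[PIN_LEN]) {
    memcpy(ram->scratch, stored, PIN_LEN);
    int ok = ct_equal(ram->scratch, entered, PIN_LEN);
    secure_zero(ram->scratch, PIN_LEN);
    return ok;
}

/* Audit helper: returns 1 if any non-zero residue remains in the scratch area.
 * (A PIN made entirely of zero bytes would be invisible to this check, so the
 * sample PIN below uses non-zero digits.) */
int ram_has_residue(const struct device_ram *ram) {
    uint8_t acc = 0;
    for (size_t i = 0; i < PIN_LEN; i++) {
        acc |= ram->scratch[i];
    }
    return acc != 0;
}

int main(void) {
    const uint8_t stored[PIN_LEN]  = {3, 1, 4, 1, 5};  /* constructed sample PIN */
    const uint8_t entered[PIN_LEN] = {3, 1, 4, 1, 5};
    struct device_ram ram = {{0}};

    verify_pin_leaky(&ram, stored, entered);
    printf("leaky:    residue in RAM = %d\n", ram_has_residue(&ram));
    verify_pin_hardened(&ram, stored, entered);
    printf("hardened: residue in RAM = %d\n", ram_has_residue(&ram));
    return 0;
}
```

The leaky variant prints a residue of 1 and the hardened variant 0. The lesson for firmware reviewers is that readout protection such as RDP2 is a second line of defence; the first is never leaving a secret in RAM longer than the operation that needs it.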
Joe Grand says that he had to acquire several Trezor devices like Reich's and install the same firmware on them to begin a series of “trial and error” experiments that lasted three months.
“…It reminded me that hacking is always unpredictable, exciting, and educational, no matter how long you've been doing it. In this case, the stakes were higher than normal: I only had one chance to get it right.”
Deciphering the wallet
Ultimately, Grand was able to bypass the security of the Trezor wallet using a fault injection technique known as glitching. By disturbing the chip's voltage he could break the RDP2 protection and force the wallet into update mode, where he installed and ran his own script to recover the access key from the wallet's RAM.
It was a rather risky feat, which had to be repeated numerous times to find the exact moment at which the wallet's security could be broken. Grand promised Reich that he would successfully replicate the hack on three wallets before running it on Reich's device. If something had gone wrong and inadvertently erased the RAM, Reich and his friend would have had to say “goodbye” to their funds forever. In total, it took 3 hours and 19 minutes to capture the 5-digit PIN from Reich and his friend's wallet.
Fixed vulnerability
Long before Joe Grand's statements, the company behind Trezor, SatoshiLabs, had published a statement about this vulnerability. In July 2017, the company noted that the vulnerability had already been fixed: the developers had released a new version of the Trezor firmware, v1.5.2, which resolved the security issue affecting all devices running earlier versions.
At the time, SatoshiLabs also clarified that the vulnerability could not be exploited remotely, so funds on devices that remain in their owners' custody are not at risk. Indeed, to exploit the vulnerability, Grand needed physical access to the hardware wallet. Trezor's developers reiterated that this exploit poses little risk to current users.
A happy ending
Although this story has a happy ending, at Bit2Me we want to stress the importance of writing down the seed phrase (recovery words) when configuring a hardware wallet for the first time, as well as keeping a written backup of the access PIN. It is equally important to store this backup in a safe and secure place, because without it, it is impossible to restore the wallet and recover your funds.
Hardware wallets are the most secure devices in the crypto industry for storing cryptocurrencies in cold storage, with no connection to the blockchain or the Internet. As long as they are used correctly, they provide a pleasant experience.