A hacker has helped recover stolen crypto worth $2 million from a Trezor wallet, as we report in our latest cryptocurrency news.
A computer engineer who is also a hardware hacker helped recover stolen funds from a Trezor wallet containing $2 million. New York-based entrepreneur Dan Reich was relieved after the hacker helped him recover over $2 million that sat in a Trezor One hardware wallet. In early 2018, Reich and his friend spent $50,000 in BTC to buy a batch of Theta network tokens, worth about $0.21 at the time. The funds were held on a China-based exchange and later moved to a Trezor wallet.
By the end of 2018, the price of the token had crashed and the two friends decided to cash out their investments, but they realized that they had forgotten the PIN to the wallet that contained the tokens. After 12 failed attempts to guess the PIN, they gave up and hoped the wallet would wipe itself clean after 16 tries. However, after the price of Theta surged to an all-time high of $15 and their initial investment shortly increased above $3 trillion, Reich and his friend decided to renew their attempts to gain access to their wallet.
After going through different avenues, the two friends reached out to Joe Grand, a hardware hacker who managed to recover their PIN. As the hacker explained, Trezor One wallets move the PIN and key to RAM during a firmware update, and once the update is complete, the information is moved back to flash. This was not the case with Reich’s wallet: despite Trezor removing this, the PIN and the key were copied to RAM during boot-up, and the PIN appeared in the device’s RAM in later stages.
This meant that, should Grand wipe the RAM before he could read the data, he would be unable to recover the PIN. To solve the issue, Grand used a fault injection attack, a physical attack on the device that changes the amount of voltage that goes into the chip. This allowed him to bypass the wallet security that was put in place to prevent hackers from reading the RAM. Grand said:
“I was sitting here watching the computer screen and saw that I was able to defeat the security, the private information, the recovery seed, and the PIN that I was going after popped up on the screen.”
This kind of attack requires full physical access to the device and there’s no record of the funds being compromised.