Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet

Cryptocurrency

Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet – Crypto News

Published

3 years ago

February 14, 2023

Dripp

In a YouTube video shared on their channel, the cybersecurity team at Unciphered demonstrated a critical security vulnerability for the OneKey wallet that they discovered during research.

As is customary for the white hat discovery of vulnerabilities, the video was released after it was patched.

Lacking Customary Encryption

Unciphered, a cybersecurity startup whose main focus is recovering lost crypto for clients who no longer have access to their wallets, presumably uncovered the issue while attempting to recover funds for a customer. In the videosa OneKey wallet is disassembled and manipulated, with the Unciphered team inserting a piece of hardware that monitors communications between the wallet’s CPU and its secure unit.

Generally, the communication between the CPU and the secure unit – where the mnemonic and crypto are stored – is encrypted. However, for OneKey wallets, it appears this was not the case.

“Normally, the communications are encrypted between the CPU, where the processing is done, and the secure element. Well, it turns out it wasn’t engineered to do so in this case. So what you could do is put a tool in the middle that monitors the communications and intercepts them, and then injects its own commands.”

Factory Mode Bypass

By inserting their piece of hardware between the CPU and the secure unit, the team at Unciphered could trick the device into thinking it’s in factory mode, which then dumped the mnemonic onto the team’s device.

“We did that where it then tells the secure element it’s in factory mode, and we can take your mnemonics out.”

This would have allowed a bad actor who could have discovered the vulnerability to gain access to the wallet once it was reassembled.

Our Response to Recent Security Fix Reports https://t.co/Dp9nNp1D0U

— OneKey Open Source Wallet (@OneKeyHQ) February 10, 2023

It’s worth noting that in order to perform this hack, it would have been necessary for a bad actor to have physical access to the device, as it could not be performed remotely. Nevertheless, it’s important to note that the location of a hardware wallet can be exposed – take the Ledger breach, for example, where the data of the wallet clients was exposed, leaving them open to potential thefts as well as simple extortion. attempts,

Thankfully, the issue has now been patched due to communication between the two companies. For their efforts, Unciphered received an undisclosed amount from OneKey’s bug bounty program.

SPECIAL OFFER (Sponsored)
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month ,terms,

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.

Related Topics:Brave coinbase crypto decentralised decentralized decentralized exchange ERC-20 Featured Meme coin Robinhood Solana

Up Next

Layoffs Hit Solana NFT Marketplace Magic Eden, Sheds 22 Employees – Crypto News

Don't Miss

Paxos Will No Longer Issue BUSD. What Does That Mean for DeFi? – Crypto News

Click to comment

Leave a Reply
Cancel reply

Technology1 week ago

Breaking: China Renaissance Bank Eyes $600M Raise for BNB-Focused Fund with YZI Labs – Crypto News

Best phones under ₹15,000: Oppo K13 5G, Infinix Note 50s, iQOO Z10x and more

Technology1 week ago

Best phones under ₹15,000: Oppo K13 5G, Infinix Note 50s, iQOO Z10x and more – Crypto News

Stripe’s stablecoin biz seeks national bank trust charter

Cryptocurrency7 days ago

Stripe’s stablecoin biz seeks national bank trust charter – Crypto News

others1 week ago

EUR/JPY retreats as Euro slides on French political uncertainty – Crypto News

Bitcoin slips under $122K after a 16% surge fueled by ETFs and futures.

Cryptocurrency1 week ago

Why Bitcoin could rebound up to 21% this week: experts explain – Crypto News

Metaverse1 week ago

human intelligence for artificial minds – Crypto News

China's Commerce Ministry says will tighten rules on rare earths exports

others1 week ago

China’s Commerce Ministry urges US to correct its wrong practices as soon as possible – Crypto News

Bitcoin, crypto ‘dip buy hype’ is now at its highest level in 7 months

Blockchain1 week ago

Crypto Traders Show ‘Rationalization’ Behavior’ After Market Plunge – Crypto News

S&P 500 e-mini (ES_F) Elliott Wave: Forecasting the future path

others1 week ago

Which way out of the range – Crypto News

Shiba Inu Burn Rate Crashes 99% as Crypto Sees Largest Liquidation Event Ever

Cryptocurrency1 week ago

Shiba Inu Burn Rate Crashes 99% as Crypto Sees Largest Liquidation Event Ever – Crypto News

Trump’s tariff threat pushes US Dollar below 99 amid trade tensions

others1 week ago

Trump’s tariff threat pushes US Dollar below 99 amid trade tensions – Crypto News

Solana Apps Generate 10x More Revenue Than Ethereum: Research

Cryptocurrency1 week ago

How Solana Overtook Ethereum’s Early Growth Curve – Crypto News

Inflation risks are tilted to the upside

others1 week ago

A balanced approach to monetary policy only works if inflation expectations are anchored – Crypto News

others1 week ago

Binance Founder CZ Addresses BNB’s Recent Strong Price Performance, Says It Has No Market Makers – Crypto News

Walmart teams with OpenAI for ChatGPT purchases. The retailer is ‘ahead of the curve’.

Metaverse7 days ago

Walmart teams with OpenAI for ChatGPT purchases. The retailer is ‘ahead of the curve’. – Crypto News

DeFi Withstands Stress Test as Market Mayhem Wipes Out Nearly $20B

De-fi1 week ago

DeFi Withstands Stress Test as Market Mayhem Wipes Out Nearly $20B – Crypto News

Technology1 week ago

Fed’s Anna Paulson Backs Rate Cuts, Downplays Trump Tariff Impact – Crypto News

Apple launches MacBook Pro 14-inch with M5 chip in India, price starts at ₹1,69,900

Technology6 days ago

Apple launches MacBook Pro 14-inch with M5 chip in India, price starts at ₹1,69,900 – Crypto News

How to Use ChatGPT to Discover Hidden Crypto Gems

Blockchain1 week ago

How to Use ChatGPT to Discover Hidden Crypto Gems – Crypto News

Polymarket bets trigger Nobel leak probe in Norway

Cryptocurrency1 week ago

Polymarket bets trigger Nobel leak probe in Norway – Crypto News

How Crypto Traders Are Positioning Following 'Black-Friday's' Crash

Cryptocurrency1 week ago

How Crypto Traders Are Positioning Following ‘Black-Friday’s’ Crash – Crypto News

Bulls Hold $130B Market Cap as Settlement Buzz Heats Up

Cryptocurrency1 week ago

Is It Good to Invest in Ripple Now? – Crypto News

others1 week ago

Crypto Market Braces for Volatility Ahead of Key U.S. Economic Events This Week – Crypto News

Technology1 week ago

XRP Price Crashes as Whales Dump 2.23B Tokens — Is $2 the Next Stop? – Crypto News

$23 Billion XRP Milestone Spotlighted by CME Group: Details

Cryptocurrency1 week ago

$23 Billion XRP Milestone Spotlighted by CME Group: Details – Crypto News

Powell speech steadies crypto market: Fed hints at slower balance-sheet runoff

Cryptocurrency1 week ago

Powell speech steadies crypto market: Fed hints at slower balance-sheet runoff – Crypto News

Business1 week ago

Pro Says Ethereum Price is a Buy Despite Rising Liquidations and BlackRock Selling – Crypto News

Business1 week ago

Pro Says Ethereum Price is a Buy Despite Rising Liquidations and BlackRock Selling – Crypto News

Decoding WLFI’s meltdown – Can a $7mln buyback undo a $190mln dump?

Cryptocurrency1 week ago

Decoding WLFI’s meltdown – Can a $7mln buyback undo a $190mln dump? – Crypto News

How to create 90's retro-style Diwali AI portraits with Google Gemini Nano: 50 Viral prompts to try

Technology1 week ago

How to create 90’s retro-style Diwali AI portraits with Google Gemini Nano: 50 Viral prompts to try – Crypto News

Business1 week ago

Crypto Market Recovery: BTC, ETH, XRP, DOGE Surge 4-12% As Expert Sees V-Shape Upside – Crypto News

AMD strengthens AI push: Oracle to deploy 50,000 MI450 AI chips in data centers starting 2026

Technology1 week ago

AMD strengthens AI push: Oracle to deploy 50,000 MI450 AI chips in data centers starting 2026 – Crypto News

FOMC stands pat on rates, “Waiting to see” on Trump policies

others1 week ago

Seems ‘prudent’ to cut rates further given lower inflation risks – Crypto News

Cryptocurrency1 week ago

Beyond Bitcoin: How Asia’s new crypto playbook is breaking from the west – Crypto News

‘Erotica for verified adults’: OpenAI to allow mature content on ChatGPT; Sam Altman vows to treat adults like adults

Metaverse1 week ago

‘Erotica for verified adults’: OpenAI to allow mature content on ChatGPT; Sam Altman vows to treat adults like adults – Crypto News

Cryptocurrency1 week ago

Celestia price reclaims $1 after crash to $0.27: TIA forecast – Crypto News

ChatGPT ‘adult model’ plan: OpenAI's Sam Altman reacts to criticism, says ‘not elected moral police’

Metaverse6 days ago

ChatGPT ‘adult model’ plan: OpenAI’s Sam Altman reacts to criticism, says ‘not elected moral police’ – Crypto News

Gemini Nano Banana model now generates and edits images inside Google apps: How it works

Technology1 week ago

Gemini Nano Banana model now generates and edits images inside Google apps: How it works – Crypto News

Car Group Limited – CAR Elliott Wave technical analysis [Video]

others1 week ago

Samsara Inc. (IOT) laps the stock market: Here’s why – Crypto News

others1 week ago

Four Meme and BNB Partner on $45M ‘Rebirth Support’ Airdrop, First Batch Set to Begin – Crypto News

US SEC announces approval of in-kind redemptions for Bitcoin and Ether ETFs

Cryptocurrency7 days ago

Bitcoin, Ethereum rebound following ‘largest single-day wipeout in crypto history’ – Crypto News

Business7 days ago

Nasdaq-Listed Webus Adopts XRP in New Tokenized Reward Platform, Eyes $20B Loyalty Market – Crypto News

Mint Explainer | Why Big Tech is rushing to build AI data centres across India

Metaverse7 days ago

Mint Explainer | Why Big Tech is rushing to build AI data centres across India – Crypto News

Tech is valued as if AI is the next smartphone. It isn’t.

Metaverse7 days ago

Tech is valued as if AI is the next smartphone. It isn’t. – Crypto News

Business6 days ago

Pi Coin Price Gears for Recovery as DEX and AMM Launch Revives Utility Hopes – Crypto News

Business6 days ago

Dogecoin Gets Major Utility Boost as Trump-Linked Thumzup Prepares DOGE Payments – Crypto News

Crypto Market Slides for Second Day as Bitcoin Dips Amid Geopolitical Tensions

De-fi6 days ago

Crypto Market Slides for Second Day as Bitcoin Dips Amid Geopolitical Tensions – Crypto News

Cryptocurrency4 days ago

Crypto markets turn red after Trump threatens to halt cooking oil imports from China – Crypto News

Is Wave 5 Still Coming or a New Bull Trend Emerging?

Cryptocurrency4 days ago

Is Wave 5 Still Coming or a New Bull Trend Emerging? – Crypto News

Aave V4 Looks to Turn Fragmented Liquidity into DeFi’s OS, Developers Say

De-fi1 week ago

Aave V4 Looks to Turn Fragmented Liquidity into DeFi’s OS, Developers Say – Crypto News

Crypto News

Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet – Crypto News

Cryptocurrency

Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet – Crypto News

Lacking Customary Encryption

Factory Mode Bypass

You may like

Leave a Reply Cancel reply

Leave a Reply

Trending

Leave a Reply
Cancel reply