In a mere second, cybersecurity firm Unciphered was able to successfully hack into OneKey, a company that produces hardware wallets for cryptocurrencies.
OneKey has acknowledged the breach and stated that it has already fixed the firmware vulnerability that enabled the attack. However, with the burgeoning threats against the crypto industry, one is made to think how safe it really is.
So, what happened?
On February 10, Unciphered posted a video on YouTube demonstrating its ability to exploit a "massive critical vulnerability" that enabled it to "crack open" a OneKey Mini.
Through the process of disassembling the device and inserting code, it became feasible to reset the OneKey Mini to its original state, bypass the security PIN, and potentially enable an attacker to remove the mnemonic phrase required to recover a wallet.
OneKey has stated that the security vulnerability has already been taken care of. The company's hardware team implemented a security patch earlier this year, and no one has been impacted by the issue.
The company has further assured that all vulnerabilities that have been disclosed are being resolved or have already been fixed.
Should you be worried?
The statement suggests that the company acknowledged the concern raised by Unciphered about a vulnerability in its device, but clarified that the attack vector identified can only be executed through the disassembly of the device and physical access using a dedicated FPGA device in a lab.
This signifies that the vulnerability cannot be exploited remotely, offering some reassurance to the company's customers.
The threat isn’t over!
Experts noted that other hardware wallet providers have also been found to have similar issues, making it a major cause of concern for organizations and users involved.
The bottom line
OneKey stated that the primary goal of hardware wallets is to protect users' financial assets from cyberattacks and other potential threats. However, it is important that organizations routinely scan their system for bugs and security gaps.