• $2 million in cryptocurrency was recovered from a hacked Trezor wallet

  • Joe Grand, a computer expert and hacker, has come to Dan Reich’s aid three years after it became clear that he couldn’t access his Trezor One hardware wallet.

    Trevor, one of the owners, loses access to his wallet.

    Reich, a New York City-based entrepreneur, and a buddy found in 2018 that their $50,000 investment in Theta was no longer accessible because they had misplaced the security PIN to the Trezor One on which the tokens were housed.

    They made twelve fruitless efforts to guess the security pin in order to recoup their investment. However, they ceased their efforts when it became clear that their efforts would not generate a good outcome and they were on the verge of the 16 erroneous guesses that would result in an automatic wipe of the account.

    They realized that their investment had increased to $2 million some years later. This huge sum motivated them to redouble their attempts to reclaim the monies. This time, it was clear that because they couldn’t access the wallet’s seed phrase or PIN, the only option to recover the tokens was to hack into it.

    How Grand managed to pull out the hack

    This discovery and desire compelled them to seek Grand, a well-known hacker and leading computer engineer. The diligent hacker identified a means to recover the stolen PIN after a lengthy process that took 12 weeks of painstaking trial and error.

    After successfully hacking the account, Kingpin, as the Portland-based hacker is known, posted a YouTube video outlining how he accomplished the feat.

    The key to this hack, according to him, was that during a firmware update, the Trezor One wallets briefly relocate the PIN and key to RAM, only to return them to flash once the firmware was installed.

    Grand discovered that in the firmware version put on Reich’s wallet, this information was copied to RAM rather than relocated, which implies that even if the hack fails and the RAM is erased, the information regarding the PIN and key will still be kept in a flash.

    Grand was able to circumvent the security that microcontrollers put in place to prevent hackers from reading the RAM and obtaining the PIN needed to access the wallet and funds by utilizing a fault injection attack – a technique that modifies the voltage going to the chip.

    What's your reaction?