NYC-based entrepreneur Dan Reich has recently regained access to more than $2 million worth of crypto left in a Trezor One hardware wallet with the help of renowned computer engineer and hardware hacker Joe Grand.
In a YouTube video uploaded recently, the Portland-based hacker popularly known by his pseudonym “Kingpin” gave a comprehensive narration of how he cracked the wallet to recover the “lost” crypto assets.
How it all Started
Earlier, in 2018, Dan Reich and his friend had decided to splurge $50,000 on the newly launched Theta token, which was trading at around 21 cents at the time.
Initially, they kept the tokens on a Chinese exchange but later had to transfer them to a Trezor One hardware wallet due to the rising crackdown on cryptocurrencies by the local government. However, they forgot about the coins.
Reich eventually remembered and decided to sell the Theta tokens. By then, however, his friend had lost the paper on which he had written the wallet’s PIN, so they had to start guessing the 5-digit PIN. They guessed wrongly several times.
After 12 failed attempts, the duo decided to stop guessing as the data on the wallet would automatically be erased on the 16th incorrect attempt.
$50,000 Turned $2 Million
As Theta’s price continued to increase over the years, the value of their “lost” crypto fortune rose to $2 million this year. Motivated by that sum, Reich and his friend intensified their efforts to regain access to the funds.
Soon they discovered a Switzerland-based financier who claimed he had associates in France who could crack the wallet in a lab. However, the condition for doing the job was that Reich would not go to the lab or know the names of the people who would supposedly be cracking the wallet.
Despite how crazy the idea sounded, the duo had become desperate and was willing to take the risk. However, in a sudden turn of events, Reich discovered Joe Grand in the US.
Hacker Saves the Day
They immediately reached out to the computer engineer, who agreed to help. Grand bought several similar wallets and installed the same version of firmware to replicate the one Reich and his friend had. He spent 12 weeks on trial and error but eventually found a way to recover the lost PIN.
Grand said he used a fault injection attack, a technique that modifies the voltage going to the chip, to bypass the security of the wallet’s microcontrollers. That security normally prevents hackers from reading RAM and obtaining the PIN needed to unlock the wallet and funds.
“We are basically causing misbehavior on the silicon chip inside the device in order to defeat security. And what ended up happening is that I was sitting here watching the computer screen and saw that I was able to defeat the security, the private information, the recovery seed, and the pin that I was going after popped up on the screen,” the hacker explained.
Reich and his friend got back their $2 million crypto fortune and gave Grand his percentage of the treasure.
Meanwhile, soon after the story surfaced, hardware wallet maker Trezor was quick to put users’ minds at rest, noting that the vulnerability Grand exploited to recover the lost crypto has since been identified and fixed.
The company added that none of its new devices have the vulnerability, as they are “shipped with a fixed bootloader.”