A hacker recovered $2 million in cryptocurrency to a wallet’s owner who forgot the password

​Hacker in the US hacked into Trezor wallet to help user

27.01.2022 - 09:15


1 min

What’s new? Joe Grand, known under the pseudonym Kingpin, has posted a video on YouTube in which he explained how he hacked into the Trezor One crypto wallet. The hacker broke into the wallet at the request of investors who had forgotten the password from him back in 2018. The accumulated investments amounted to about $2 million in cryptocurrency.

Joe Grand’s video

How did the hacker manage to hack the wallet? It took Grand 12 weeks to recover the lost PIN. During a firmware update, the Trezor One wallets temporarily move the code and key to RAM and then back to flash memory. Grand found that in the version of the firmware installed on the investors’ wallet, this information was not moved, but copied to RAM. This meant that if the hack failed and the RAM was erased, the PIN and key information would still be stored in the flash memory.

After using a fault injection attack, Grand still got the cherished numbers. After the hacker’s video of the hack was released, Trezor reported it was working on a fix for this vulnerability.


Vasiliy Smirnov Vasiliy Smirnov

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy