Joe Grand, a computer engineer, and a hardware hacker has succeeded to hack Daniel Reich‘s Trezor hardware wallet upon his request to recover his $2 Million worth of Theta coins saved in this Trezor Model one hardware wallet, which Daniel Reich forgot its unlocking password.
Like many other people found mining cryptos not so profitable in 2018; Daniel and his friend Jesse decided to invest and HODL a new coin at that time and they choose to buy Theta tokens paying 2 BTC, which worthed $50000 at that time at about $0.21 / Theta token.
They were storing these coins in a Chinese exchange platform, which later sent a message to all its accounts holders requesting them to withdraw any coins stored in their accounts because the Chinese government was going to shut down this exchange platform.
They bought a Trezor hardware wallet Model one and moved their coin to be stored in this device, which later they forgot its PIN code and the 24-word recovering passphrase.
The price of Theta went up from $0.21 to $14.28 in April 2021, which made their locked fortune worth more than $2 Millions.
Trezor hardware wallet, which is also called Cold Wallets are USB sticks that store and protect your crypto private keys without connecting to the internet.
Trezor Model One, Trezor Model T, Ledger Nano S, Ledger Nano X, and all other hardware wallets protect the stored coins by eliminating thieves from guessing passwords; If the PIN code is entered wrongly a specific number of times the wallet will wipe up all the stored cryptos, while the original owner can buy a new USB Hardware wallet and restore his coin by entering the correct password.
So, Daniel and Jesse had no option other than physically hack their Trezor wallet; they searched the web for hardware hackers, computer engineers, crypto specialists until they found Joe Grand, the hardware hacking expert.
How Trezor hardware wallet‘s security was defeated?
Hacking a crypto hardware wallet is very challenging, you have only one chance to do it right without damaging this precious device that contains unique data not found anywhere on the planet other than this stick.
Hacking these highly secured devices is nothing like what you see in the movies, it is not just codes that hack a device as people think; It is like solving puzzles, making thousands of trials that take hours and hours of testing that needs knowledge of these devices’ physical components and how it works.Joe Grand
Joe found a vulnerability that enabled him to read the RAM of the device, where the PIN code was temporarily stored during the Trezor hardware wallet firmware update.
the hacker relied on a method called Fault Injection using voltage glitch which can only be done on power-up enabling the debug mode to access the RAM data to reach the stored PIN code.
After a very tough three and half hours, glitching, plinking, the Trezor hardware wallet RAM content was extracted, the 5-digits password was extracted; The detailed story is in the video below:
Trezor’s official reply
Trezor Company the manufacturer of Trezor Model One cryptocurrencies hardware wallet responded officially to the hacker youtube’s video in the comment section saying that this vulnerability is now fixed on the new editions of the Model One and Model T of their wallets and PIN codes can not be copied to the wallet RAM anymore.
“Hi, we just want to add that this is an outdated exploit that is not a concern for current users, and there is no record of any funds being compromised.”Trezor, Pinned by Joe Grand