Cracking a 2 million crypto wallet – The Verge
In early 2018, Dan Reich and a friend decided to spend $50,000 worth of Bitcoin on a batch of Theta tokens, a new cryptocurrency then worth just 21 cents each. at first, they held the tokens on a china-based exchange, but within weeks, a widespread crackdown on cryptocurrencies by the chinese government meant they would soon lose access to the exchange, so they had to transfer everything to a wallet hardware. Reich and his friend chose a trezor one hardware wallet, set up a pin, and then went about their business and forgot about it.
By the end of that year, the token had sunk to less than a quarter of its value, rose again, and crashed again. Reich decided that he wanted to collect, but his friend had lost the paper where he had written the pin and could not remember the digits. they tried to guess what they thought was a four-digit pin (it was actually five), but after each failed attempt, the wallet doubled the wait time before they could guess again. after 16 attempts, the wallet data would be automatically deleted. when they got to a dozen tries, they stopped, afraid to go any further.
Reading: Lost bitcoin wallet
reich gave up and canceled the money in his mind. he was willing to take the loss, until the price started to rise again.
From a low of around $12,000, the value of their tokens started to skyrocket. by the end of 2020, it would be worth more than $400,000, rising briefly to more than $3 million. it would be difficult to get into the wallet without the pin, but it wasn’t impossible. And with potentially millions at stake, Reich and his friend vowed to find a way in.
The only way to own cryptocurrencies on the blockchain is to have sole possession of a private key associated with a block of currency, but managing those keys has been challenging, sometimes high-risk, from the start. you can’t sell or spend your coin without the key (or the string of words used to derive the key, also called a seed), but if someone else gets hold of it, you can take your coins in a single anonymous transaction from anywhere in the world. world. You can store your key in a software wallet on an exchange’s server or in a software wallet on your own computer or mobile phone, but they are vulnerable to remote attack if someone on the internet can get your key.
Hardware wallets, the size of a thumb drive, are designed to solve that problem, by storing the key locally, off the internet, and signing transactions within the secure wallet when you insert the device into a computer and enter the pin. but if you forget the pin and don’t have the key written down, you’re usually out of luck and you can no longer access your coin on the blockchain.
This happens more often than you think. Cryptocurrency data firm chainalysis estimates that owners are likely to lose more than 3.7 million bitcoins worth $66.5 billion. currency can be lost for many reasons: the computer or phone that stores a software wallet is stolen or crashes and the wallet is unrecoverable; the owner inadvertently throws away his hardware wallet; either the owner forgets his pin or dies without giving it to family members.
As the value of his inaccessible tokens rose rapidly in 2020, Reich and his friend were desperate to break his wallet. They searched online until they found a 2018 conference by three hardware experts who figured out a way to access the key in a trezor wallet without knowing the pin. the engineers refused to help them, but it gave the reich hope.
“At least we knew it was possible and had an idea of how it could be done,” Reich says.
then they found a financier in switzerland who claimed to have associates in france who could crack the wallet in a lab. But there was a problem: Reich couldn’t know their names or go to the lab. he would have to deliver his wallet to the financier in switzerland, who would take it to his french associates. It was a crazy idea with a lot of risks, but Reich and his friend were desperate.
Covid and lockdowns delayed their plans in 2020, but in February 2021, with the value of their tokens now at $2.5 million, Reich was making plans to fly to Europe, when suddenly they found a better option: a hardware hacker in the usa uu. called big joe.
See also: Walmart Inc. (WMT) Q2 2023 Earnings Call Transcript | The Motley Fool
grand is an electrical engineer and inventor who has been hacking hardware since he was 10 years old. Known by the hacker nickname “Kingpin”, he was part of the notorious l0pht hacker collective that, in 1998, testified before the United States Senate about a vulnerability that could be used to shut down the internet or allow an intelligence agency to spy on traffic. . In 2008, he co-hosted the Discovery Channel show “Prototype This” and currently teaches hardware hacking to organizations and businesses that design complex systems and want to understand how hackers can attack their products.
Reich, an electrical engineer who owned a software company, had a better ability than most to assess whether Grand had the skills to pull off the trick. after just one conversation, he knew they had found the right person. “I remember thinking, ‘Wow, this is maybe one of the most brilliant electrical engineers I’ve ever met,'” he recalls.
grand, who has a custom lab in his family’s backyard in portland, bought several identical wallets to the one reich and his friend owned and installed the same version of firmware on them. he then spent three months investigating and attacking his practice wallets with various techniques. They agreed that Reich, who lives in New Jersey, would not fly to Portland with his wallet until Grand succeeded in breaking three wallets using the same technique.
“If I screwed something up, there was a good chance it might never recover,” Reich says.
luckily for grand, there was previous research to guide you. Back in 2017, a 15-year-old hardware hacker in the UK named Saleem Rashid had developed a method to successfully unlock a Trezor wallet belonging to tech journalist Mark Frauenfelder and helped him release $30,000 worth of Bitcoin.
rashid discovered that when the trezor wallet was powered on, it would make a copy of the pin and key that were stored in the wallet’s secure flash memory and place the copy in ram. A vulnerability in the wallet allowed him to put the wallet into firmware update mode and install his own unauthorized code on the device, which allowed him to read the pin and key where it was in ram. but installing the code from him caused the pin and key stored in long-term flash memory to be erased, leaving only the copy in ram. this made it a risky technique for the big boys to use; If he inadvertently cleared the ram before he could read the data, the key would be unrecoverable.
in any case trezor had tampered with their wallets ever since, so that the pin and key that was copied to ram during boot was erased from ram when the device was put into firmware update mode.
so grand looked instead to the method used in the 2018 conference talk that reich had also previously examined. In this case, the researchers found that even though Trezor removed the pin and key that were copied to ram during boot, the pin and key appeared in ram during another stage. found that at some point during firmware update mode, the pin and key were temporarily moved to ram, to prevent the new firmware from writing over the pin and key, and then re-flashed once firmware was installed. so they devised a technique called “wallet.fail”. This attack used a method of glitch injection, also known as glitching, to undermine the security protecting ram and allow them to read the pin and key when they were briefly in ram.
There are three levels of security available for the microcontroller used in trezor wallets: rdp2, the most secure, which does not allow you to read ram, and rdp1 and rdp0, which do. trezor wallets are configured to use rdp2 to prevent anyone from reading ram among other things.
but by performing a fault injection attack against the chip, which affects the voltage going to the microcontroller, the wallet.fail team discovered that they could downgrade the security of rdp2 to rdp1. then they could force the wallet into firmware update mode, sending the pin and key to ram, and read them. It was similar to rashid’s attack, except that the bug injection allowed them to access ram without exploiting the code.
The technique was excellent for a research project, but risky for Reich’s wallet. because the pin and key were moved to ram during the firmware update and not just copied, there was only one version in the wallet during this period. If you do something wrong, Grand could inadvertently clean the ram, along with the key and pin. As it was, every time he failed his practice wallets, they froze.
but while trying to fix the problem, grand stumbled upon a better solution. he discovered that in the version of firmware installed on the reich wallet, the key and pin were still copied to ram when the device was powered on. if grand crashed on the device at the right time, he could downgrade security to rdp1 and read ram. and because the key and pin were simply copied into ram at this point and not moved, unlike the wallet failure scenario, this meant that they still existed in flash if grand inadvertently cleared ram. it was a much safer solution that he elegantly borrowed from both previous attacks.
The only problem was that the flaw required thousands of attempts: powering up the wallet repeatedly and using different parameters to affect the microcontroller’s voltage each time, in an attempt to hit the exact moment that would allow it to degrade the microcontroller’s security. it took three to four hours using an automated script, and there was no guarantee that it would work on the reich wallet, even if it did work on the practice wallets. Reich compared the excruciating wait to sitting on a stakeout.
grand designed his program so that if the problem worked, his computer would scream “hack the planet!” — a nod to the hackers in the 1995 movie. when it came time to do the real hack last may, reich flew to portland for two days. They spent the first day preparing everything, filmed the stunt with a professional crew, and the next day Grand released the script for it.
See also: The scam that knows your name and home address – heres what to do – Naked Security
then they waited. and she waited a little longer. then they ate pizza and waited some more.
after nearly three and a half hours, the computer finally yelled, “hack the planet!” on the grand screen, i could see the five digit key and pin. Reich and his friend were now $2 million richer.
Immediately pulled theta tokens from his account and sent a percentage of the loot to grand for his services.
It was an exciting time for grand, and not just because of the money at stake. “It reinvigorated me…and helped me decide what I should do with my skills,” he says.
Since last May, he has been talking to other people who lost access to their funds, hoping to help more people break their wallets. This includes James Howells in Wales, who inadvertently tossed his hardware wallet in the trash in 2013 and lost access to Bitcoin now worth half a billion dollars. he has been trying for years to convince the local council of him to let him dig in the dump. The city tracks where residential trash is buried and they told him they could most likely locate the area where his wallet might be, but so far they have denied his request.
grand has also been talking to someone whose wallet is in a broken phone, which would require forensic repair techniques, and a couple who lost the password to a software wallet stored on their computer.
but grand doesn’t just want to crack wallets, he also wants to help make them more secure. it plans to report the vulnerabilities it finds to the provider when they can be fixed, so that criminals or others can’t exploit them and can take over the owner’s wallet. Does this mean that it will run out of vulnerabilities to hack at some point?
grand doesn’t think so. There will always be people with older versions of unpatched firmware in their wallets, like Reich, and he is confident that newer devices will remain vulnerable in different ways, even if they are patched.
“It depends on the design, but with enough time, effort, and resources, anything is hackable,” he says.
trezor already fixed part of the big problem exploited in later versions of its firmware. wallets no longer copy or move key and pin in ram at all. Pavol Rusnak, co-founder and CTO of Satoshilabs, which makes Trezor wallets, said that he now stores them in a flash-protected part that is not affected during firmware updates.
but there is still a core problem with the chip that allows fault injection and can only be fixed by the chip manufacturer, which the manufacturer has refused to do, or by using a more secure chip. Rusnak says his team explored the latter, but more secure chips generally require vendors to sign an nda, something his team opposes. trezor uses open source software for transparency, and when the rusnak team discovered a flaw in a secure chip they considered using, the chip manufacturer invoked the nda to prevent them from talking about it.
This means trezor wallets may still be vulnerable to other hacking techniques. grand is already working on a new method to hack the stm32 microcontroller used in wallets. it will work even on wallets with the newest and most protected firmware. however, he says he won’t release the details publicly because the ramifications go beyond wallets.
“stm32 is used in billions of devices around the world,” he says, and the problem he found is unfixable. “which is both amazing and terrifying.”
See also: Best Bitcoin Gambling: Top 5 Crypto Betting Sites In USA | Men&039s Journal