$2 million in crypto recovered from hacked Trezor wallet $2 million in crypto recovered from hacked Trezor wallet
An engineer and hacker has helped an entrepreneur to recover around $2 million in lost crypto in a Trezor hardware wallet.
2 min read
Updated: Feb. 4, 2022 at 10:14 am UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Three years after it became apparent that Dan Reich couldn’t access his Trezor One hardware wallet, a computer engineer and hacker, Joe Grand, has come to his rescue.
Trevor one owner loses access to wallet
Reich, an entrepreneur based in New York City, and his friend had in 2018 discovered that their investment in Theta, which was initially worth $50,000, was not accessible to them again because they had lost the security PIN to the Trezor One on which the tokens were stored.
To recover their investment, they made twelve unsuccessful attempts to guess the security pin. However, after it became apparent that their efforts might yield no positive result and they were on the verge of the 16 incorrect guesses that would lead to an automatic wipe of the account, they paused their efforts.
Several years later, they discovered that their investment had grown to $2 million. This massive figure inspired them to redouble their efforts to recover the funds. This time around, it was apparent that since they couldn’t access the wallet’s seed phrase or PIN, the only way to retrieve the tokens was through hacking.
How Grand pulled off the hack
This discovery and desire drove them to approach Grand, a well-known hacker, and foremost computer engineer. After a long process that took 12 weeks of tedious trial and error, the relentless hacker discovered a way to recover the lost PIN.
After the successful hack of the account, Kingpin, as the Portland-based hacker is widely known, uploaded a YouTube video explaining how he pulled off the ingenious hack.
According to him, the key to this hack was that during a firmware update, the Trezor One wallets temporarily move the PIN and key to RAM, only to move them later back to flash once the firmware is installed.
Grand found that in the version of firmware installed on Reich’s wallet, this information was not moved but copied to the RAM, which means that if the hack fails and the RAM is erased, the information about the PIN and key would still be stored in a flash.
After using a fault injection attack — a technique that alters the voltage going to the chip — Grand was able to bypass the security the microcontrollers have to prevent hackers from reading the RAM and obtain the PIN needed to access the wallet and the funds.
Posted In: Hacks
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
