A group of hackers managed to infiltrate the OneKey hardware cryptocurrency wallet and received a reward of $10,000 from the manufacturer of the product.The hackers then posted a video on YouTube showing how they did it.
The creator of Hong Kong-based cryptocurrency storage device OneKey advertises his product as "an open-source wallet trusted by millions". Last September, the startup raised about $20 million in a funding round led by Dragonfly, Ribbit Capital and Coinbase Ventures.
Unciphered hackers were able to trick the device into believing it had not been taken out of the factory. As a result, they were able to find out the passphrase (password) of the wallet. This required physical access to the device and being highly skilled in technical matters.
Ishi Wang, founder of OneKey, confirmed that their device had been hacked and said they had already released an update to fix the flaws. Furthermore, "white hackers" - people who find bugs and report them to developers - received a $10,000 reward from OneKey as a thank-you for helping them find security flaws.
Eric Michaud, founder of Unciphered, noted that hardware wallet owners in particular are often targeted by criminals because of the huge amount of digital assets stored on them. He also stressed that hardware wallets can provide a degree of protection against attackers. Older devices that have not been updated by users or are no longer supported by the manufacturer may be vulnerable.
When crypto-assets are hacked and stolen, hackers involved in such activities who have been branded ""white" can expect a reward of around 10% of the stolen goods. An example of this was last August, when the Nomad blockchain bridge allowed a cybercriminal who escaped with $190 million worth of digital currency to keep $19 million for himself.
Many cryptocurrency companies also pre-set the amount of reward that will be given to users who find any flaws or faults in the system. The largest amount the Arbitrum protocol team has set for detecting an error was about $2 million. In August 2022, Riptide, a "white" hacker, received only 400 ETH (valued at $531,000 at the time) from the developers after discovering a significant bug in the code. Dissatisfied with the amount, he said that such "underpayment" could lead to "white" hackers becoming "black" hackers as well.
