Joe Grand, an electrical engineer, recently tweeted about how he hacked a Trezor wallet and recovered $2M. After forgetting his wallet passcode and seed phrase, he helped the owner retrieve cryptocurrency worth over $2 million.
Grand is an electrical engineer who has been hacking devices since he was ten years old. He was a member of the infamous L0pht hacking group, which testified before the US Senate in 1998 about a vulnerability that could be exploited to take down the internet or allow an intelligence agency to spy on traffic. His hacker name was “Kingpin.” He teaches hardware hacking to organizations and businesses that create complicated systems and want to know how hackers may attack them.
How did he crack the Trezor wallet?
Joe Grand said in his video, “a lot of people forget their passwords, and if you forget your password, then you can’t access the information on the chip, and you’re out of luck, and you’re out of money that’s the problem we’re dealing with today.”
He added that some guys contacted him out of the blue, saying that they have a trezor hardware wallet. They have a couple of million dollars stored on a device like this, and they want him to see if he can hack the wallet, defeat the security, and get access to the information to prove that the money is theirs.
“If he screwed something up, there was a good shot that it would never be able to be recovered,”
Reich, owner of the wallet
Grand, who runs a tailored lab in his family’s backyard in Portland, bought many similar wallets and placed the same version of firmware on them as Reich and his friend. Then he spent three months conducting research and experimenting with various approaches on his practice wallets.
Grand was fortunate in that he had past studies to help him. In 2017, Saleem Rashid, a 15-year-old hardware hacker from the United Kingdom, devised a technique to successfully unlock a Trezor wallet belonging to tech writer Mark Frauenfelder, freeing $30,000 in Bitcoin. Grand had put out a detailed video on the process on Youtube.
Are these wallets safe?
Ever since the video went viral, trezor wallet owners have been on the verge of doubt of how secure their funds are on the wallet. As a reply to Joe Grand’s tweet, Trezor replied:
No matter what secured updates come, hackers will always find a loophole to crack it. Wallet owners don’t need to panic. There is no bad news here; keep your wallet safe and do not forget your password. It’s as simple as that.