A hardware mutation in the OneKey Mini crypto wallet can facilitate unauthorized access to the users’ private keys
However, in response to Uncryphered, OneKey informed its users that they had already fixed this vulnerability earlier this year without anyone being affected
A cybersecurity startup, claimed that they had found a ‘massive critical vulnerability’ in OneKey Mini.
According to the YouTube video, a hardware mutation in this physical crypto wallet can facilitate unauthorized access to the users’ private keys. Team Uncryphered in the video informed their viewers that by dissembling the wallet and entering the code, one could remove the mnemonic phrase used to recover the wallet address.
The OneKey Mini is made up of a CPU and a secure element where all your private keys are stored. In general, the communication between the processing unit and the secure element is encrypted and even a monitoring tool in between the communication cannot decipher the private keys. This was not the case with OneKey and one can just use a monitoring tool to intercept the communication and even add its own commands.
However, in response to Uncryphered, OneKey informed its users that they had already fixed this vulnerability earlier this year without anyone being affected. OneKey also announced to their community that the team Uncyphered has been rewarded with bounties to contribute towards the security of OneKey crypto wallets.
OneKey also highlighted that any attacks as described in the video are only possible if one does not follow the basic security guidelines. To conduct such an attack, the attacker would need to get physical access to the device and require a Feild Programmable Gate Array device in a suitable lab environment to successfully conduct the attack (which is not as easy as it sounds).
OneKey also stated that they are working diligently towards other possible vulnerabilities in their devices while also taking the supply chain attacks into consideration. With its tamper-proof packaging, OneKey is also planning to upgrade its supply chain providers to Apple to significantly increase security.
5 Things to Keep in Mind to Secure Your Crypto Wallet
As OneKey suggested if the users follow the basic good practices while handling their crypto wallet most of the vulnerabilities would be completely ineffective. Here’s a list of good practices that CoinGabbar suggests you secure your crypto wallets:
Never share your crypto private keys with anyone
Always use 2-Factor Authentication for your crypto wallet access
Prefer cold wallets to store your crypto assets
Do not trust anyone, blockchain and cryptocurrencies are trustless mechanisms, and if you are being asked to trust a central entity, beware
Its always better to not keep all of your eggs in the same basket
Following the basics of security, good practices can highly increase the security of your crypto wallets.
To read more interesting news about cryptocurrency and blockchain, keep following CoinGabbar. And, don’t forget to share your views about the news in the comments below.
Also, Read - Brazil's Oldest Bank Accepts Crypto in Tax Payments