CryptoPotato
CryptoPotato
  • Crypto News
  • Margin Trading
  • Guides
    • Bitcoin & Crypto Guides 101
    • Bitcoin For Beginners
    • Editorials
  • DeFi & NFT
  • Buy
  • Language
    • Spanish
    • Turkish
    • German
    • Bulgarian
  • Crypto News
  • Bitcoin For Beginners
  • Cryptocurrency Guides 101
  • Editorials
  • Bitcoin & Crypto Margin Trading
  • DeFi & NFT News
  • Bitcoin Price Analysis
  • Ethereum (ETH) Price Analysis
  • Ripple (XRP) Price Analysis
  • Market Updates
  • Interviews
  • Buy Bitcoin with Card
  • CryptoPotato Spanish
  • CryptoPotato Turkey
  • CryptoPotato Germany
  • CryptoPotato Bulgaria
  • Market Updates
  • BTC Analysis
  • ETH Analysis
  • XRP Analysis
  • Interviews
CryptoPotato
CryptoPotato
  • Crypto News
  • Margin Trading
  • Guides
    • Bitcoin & Crypto Guides 101
    • Bitcoin For Beginners
    • Editorials
  • DeFi & NFT
  • Buy
  • Language
    • Spanish
    • Turkish
    • German
    • Bulgarian
  • Crypto News
  • Bitcoin For Beginners
  • Cryptocurrency Guides 101
  • Editorials
  • Bitcoin & Crypto Margin Trading
  • DeFi & NFT News
  • Bitcoin Price Analysis
  • Ethereum (ETH) Price Analysis
  • Ripple (XRP) Price Analysis
  • Market Updates
  • Interviews
  • Buy Bitcoin with Card
  • CryptoPotato Spanish
  • CryptoPotato Turkey
  • CryptoPotato Germany
  • CryptoPotato Bulgaria
Home » Crypto News » Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet

Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet

Author: Jordan Lyanchev

Last Updated Feb 13, 2023 @ 16:15

The security vulnerability allowed anyone with physical access to the hardware wallet to swipe its mnemonics.

Getting your audio player ready...

In a YouTube video shared on their channel, the cybersecurity team at Unciphered demonstrated a critical security vulnerability for the OneKey wallet that they discovered during research.

As is customary for the white hat discovery of vulnerabilities, the video was released after it was patched.

Lacking Customary Encryption

Unciphered, a cybersecurity startup whose main focus is recovering lost crypto for clients who no longer have access to their wallets, presumably uncovered the issue while attempting to recover funds for a customer. In the video, a OneKey wallet is disassembled and manipulated, with the Unciphered team inserting a piece of hardware that monitored communications between the wallet’s CPU and its secure unit.

Generally, the communication between the CPU and the secure unit – where the mnemonic and crypto are stored – is encrypted. However, for OneKey wallets, it appears this was not the case.

“Normally, the communications are encrypted between the CPU, where the processing is done, and the secure element. Well, it turns out it wasn’t engineered to do so in this case. So what you could do is put a tool in the middle that monitors the communications and intercepts them, and then injects its own commands.”

Factory Mode Bypass

By inserting their piece of hardware between the CPU and the secure unit, the team at Unciphered could trick the device into thinking it’s in factory mode, which then dumped the mnemonic onto the team’s device.

“We did that where it then tells the secure element it’s in factory mode, and we can take your mnemonics out.”

This would have allowed a bad actor who could have discovered the vulnerability to gain access to the wallet once it was reassembled.

Our Response to Recent Security Fix Reports https://t.co/Dp9nNp1D0U

— OneKey Open Source Wallet (@OneKeyHQ) February 10, 2023

It’s worth noting that in order to perform this hack, it would have been necessary for a bad actor to have physical access to the device, as it could not be performed remotely. Nevertheless, it’s important to note that the location of a hardware wallet can be exposed – take the Ledger breach, for example, where the data of the wallet clients was exposed, leaving them open to potential thefts as well as simple extortion attempts.

Thankfully, the issue has now been patched due to communication between the two companies. For their efforts, Unciphered received an undisclosed amount from OneKey’s bug bounty program.

SPECIAL OFFER (Sponsored)
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).

LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!

Tags: Security
Enjoy reading? Share with your friends
Facebook Twitter LinkedIn Telegram

About The Author

Jordan Lyanchev
More posts by this author

Jordan got into crypto in 2016 by trading and investing. He began writing about blockchain technology in 2017 and now serves as CryptoPotato's Assistant Editor-in-Chief. He has managed numerous crypto-related projects and is passionate about all things blockchain. Contact Jordan: LinkedIn

Join Our Community

FacebookX YouTubeTelegram


Editorials
How to Farm Airdrops on Hyperliquid (HYPE): The Complete Guide to Free Money This Crypto Cycle

How to Farm Airdrops on Hyperliquid (HYPE): The Complete Guide to Free Money This Crypto Cycle

How to Trade on Hyperliquid: The Ultimate Guide (Step-by-Step Walkthrough)

How to Trade on Hyperliquid: The Ultimate Guide (Step-by-Step Walkthrough)

12 Best Meme Coins to Watch in July 2025

12 Best Meme Coins to Watch in July 2025

7 Best Meme Coin Presales to Watch in July 2025

7 Best Meme Coin Presales to Watch in July 2025

Toobit Review 2025: Is Toobit a Safe Crypto Exchange?

Toobit Review 2025: Is Toobit a Safe Crypto Exchange?

Hyperliquid Bridge: How to Bridge USDC to Hyperliquid

Hyperliquid Bridge: How to Bridge USDC to Hyperliquid

11 Best Crypto Presales to Consider in July 2025

11 Best Crypto Presales to Consider in July 2025

Join Our Newsletter
Become a CryptoPotato VIP
One Weekly Email Can Change Your Crypto Life.
Sign-up FREE to receive our extended weekly market update and coin analysis report
We NEVER send spam. You can unsubscribe at any time.
Invalid email address
Thanks for subscribing!
Footer Logo
About
Advertise on CryptoPotato
About Us | Contact Us | Careers
Editorial Policy
Terms of service | Privacy Policy | GDPR
More Sections
IEO List | Evaluations
Airdrops
Scholarship
Disclaimer
Disclaimer: Information found on CryptoPotato is those of writers quoted. It does not represent the opinions of CryptoPotato on whether to buy, sell, or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk. Full disclaimer
© Copyright CryptoPotato 2016 - 2025
Scroll to top
One Daily Email Can Change Your Crypto Life.

Sign-up FREE to receive our extended daily market update and coin analysis report

We never send SPAM. You can unsubscribe at any moment
Invalid email address
Thanks for subscribing!