KeyBleed: Attacking the OneKey Mini


August 25, 2023




Track 1

It's hard to figure out which cryptocurrency wallets are more secure than others. Often the good advice is to choose one that uses a Secure Element (SE), like Ledger, ColdCard, OneKey, etc., as opposed to ones without, which have been widely demonstrated to be easily dumped through fault injection (Trezor, KeepKey, etc.).

This talk will discuss how the devil is in the details: the transfer of keys and sensitive data from the SE to the main microprocessor can sometimes introduce exploitable conditions that allow an even easier and more reliable attack. The talk will review some prior attacks on cryptocurrency wallets, issues with code reuse, and the specific issue with the OneKey Mini that allows our company to recover the seed with 100% reliability in under 1 second. We'll demonstrate live on stage an exploit of a OneKey Mini in which we extract and crack its seed to recover any funds stored on it.


TCrown, Unciphered

Eric Michaud is an expert in physical and cybersecurity with over 18 years of experience. He has spoken at numerous conferences around the world, and his skill at opening impossible-to-pick locks earned him a place in locksport history with the “Michaud Attack.” He co-founded and served on the board of directors for The Open Organisation of Lockpickers and is referenced widely in academic papers, talks, and books including _Open in Thirty Seconds: Cracking One of the Most Secure Locks in America_ and _No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing_. He was a computer and physical security analyst at Argonne National Laboratory, where he worked on nuclear security, counter-proliferation tools development, and voting machine security.

Currently he is the co-founder/partner of the world's first Institutional Cryptocurrency Rescue company, developing full-chain attack tools to reliably recover clients' lost cryptocurrency in software wallets and encrypted hardware devices.